Edit tour

Windows Analysis Report
tor-browser-windows-x86_64-portable-14.0.2.exe

Overview

General Information

Sample name:	tor-browser-windows-x86_64-portable-14.0.2.exe
Analysis ID:	1561393
MD5:	0d471709feba575823c5d89293bddf62
SHA1:	23a969daff09442e725aafa81864c6eeae706cfb
SHA256:	eec8d8dbdc517184ddfa7353ed89e4ac4d2e6c2fefef2a8c4e2c81bb4b6a9047
Tags:	exeuser-smica83
Infos:

Detection

Score:	36
Range:	0 - 100
Whitelisted:	false
Confidence:	20%

Signatures

AI detected suspicious sample

Found pyInstaller with non standard icon

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found evasive API chain checking for process token information

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file does not import any functions

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

tor-browser-windows-x86_64-portable-14.0.2.exe (PID: 6388 cmdline: "C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe" MD5: 0D471709FEBA575823C5D89293BDDF62)

tor-browser-windows-x86_64-portable-14.0.2.exe (PID: 7104 cmdline: "C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe" MD5: 0D471709FEBA575823C5D89293BDDF62)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 92.2% probability

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txt			Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\wheel-0.43.0.dist-info\LICENSE.txt			Jump to behavior

Source: tor-browser-windows-x86_64-portable-14.0.2.exe

Static PE information: certificate valid

Source: tor-browser-windows-x86_64-portable-14.0.2.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source:	Binary string: D:\a\1\b\bin\amd64\python312.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2185017528.00007FF8A8C74000.00000040.00000001.01000000.00000004.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\select.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2192284158.00007FF8B8CB1000.00000040.00000001.01000000.00000010.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2177832756.00007FF8A824F000.00000040.00000001.01000000.00000017.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2192521953.00007FF8B8F71000.00000040.00000001.01000000.00000007.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2191580810.00007FF8B8B07000.00000040.00000001.01000000.0000000B.sdmp
Source:	Binary string: D:\a\1\b\libssl-3.pdbEE source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2186211945.00007FF8A9355000.00000040.00000001.01000000.00000012.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PICOpenSSL 3.0.11 19 Sep 20233.0.11built on: Wed Sep 27 22:33:28 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lock..\s\crypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8..\s\crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: ..\s\crypto\init.cOPENSSL_init_cryptoOPENSSL_atexit..\s\crypto\initthread.c..\s\crypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL \|\| WITHIN_ARENA(temp->next)assertion failed: (char *)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) \|\| WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/0123456789ABCDEFCRYPTO_memdup..\s\crypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sep..\s\crypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__..\s\crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_push_octet_ptrOSSL_PARAM_BLD_to_param..\s\crypto\params.c source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2182879352.00007FF8A86E2000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: tor-browser-windows-x86_64-portable-14.0.2.exe, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2182879352.00007FF8A86E2000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2189868208.00007FF8B7891000.00000040.00000001.01000000.00000013.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2193635662.00007FF8BA4F1000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2192912021.00007FF8B93C1000.00000040.00000001.01000000.00000009.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067053849.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2193430091.00007FF8BA251000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2193117388.00007FF8B9841000.00000040.00000001.01000000.0000000E.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067053849.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2193430091.00007FF8BA251000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2190666664.00007FF8B7E51000.00000040.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2193117388.00007FF8B9841000.00000040.00000001.01000000.0000000E.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python3.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074767443.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171414817.000001E56A270000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: D:\a\1\b\libssl-3.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2186211945.00007FF8A9355000.00000040.00000001.01000000.00000012.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2190383413.00007FF8B7E11000.00000040.00000001.01000000.00000011.sdmp

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E21583C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	0_2_00007FF6E21583C0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E2159280 FindFirstFileExW,FindClose,	0_2_00007FF6E2159280
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E2171874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF6E2171874
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E2159280 FindFirstFileExW,FindClose,	2_2_00007FF6E2159280
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E21583C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	2_2_00007FF6E21583C0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E2171874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	2_2_00007FF6E2171874

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: steamcomunty.com

Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2175029093.000001E56B590000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://.../back.jpeg
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2180285327.00007FF8A82B6000.00000040.00000001.01000000.00000014.sdmp	String found in binary or memory: http://.css
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2180285327.00007FF8A82B6000.00000040.00000001.01000000.00000014.sdmp	String found in binary or memory: http://.jpg
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2157228187.000001E56ACCA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161879195.000001E56B840000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161759995.000001E56AF35000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162298286.000001E56AE33000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149539299.000001E56AF23000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153413787.000001E56AF34000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2173816582.000001E56AE95000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153114034.000001E56B837000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152249008.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161058354.000001E56ACCD000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149862292.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162109762.000001E56AE2D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162148100.000001E56AF46000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162039857.000001E56B8C7000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2173601470.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150126891.000001E56AE8F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149569427.000001E56AF27000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2167795749.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148185759.000001E56AE8B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2163561460.000001E56AF35000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149286844.000001E56AF43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074006705.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digi
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2075005559.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.co
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069227190.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068513556.000001F713780000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067899965.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069138202.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067543952.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068931999.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2072627396.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067206085.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068341888.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074006705.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069363713.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068056387.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068513556.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074584535.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068622239.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074151483.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2075005559.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068931999.000001F713780000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074767443.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076128292.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076128292.000001F713780000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074584535.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTruste
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069227190.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067899965.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069138202.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067543952.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068931999.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2072627396.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067206085.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068341888.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074006705.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069363713.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068056387.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068513556.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074584535.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068622239.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074151483.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2075005559.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069363713.000001F713780000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074767443.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076128292.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068239339.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069227190.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067899965.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069138202.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067543952.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068931999.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2072627396.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067206085.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068341888.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074006705.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069363713.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068056387.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068513556.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074584535.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068622239.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074151483.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2075005559.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069363713.000001F713780000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074767443.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076128292.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068239339.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069227190.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068513556.000001F713780000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067899965.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069138202.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067543952.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068931999.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2072627396.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067206085.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068341888.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074006705.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069363713.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068056387.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068513556.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074584535.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068622239.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074151483.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2075005559.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068931999.000001F713780000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074767443.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076128292.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076128292.000001F713780000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2114566288.000001E56A7F2000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161385770.000001E56A88C000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130028800.000001E56A801000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2172865160.000001E56A88C000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149208172.000001E56ACD6000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107034964.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2156098513.000001E56A883000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2104574533.000001E56A80A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2157050109.000001E56ACDC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2103900550.000001E56A872000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2156782904.000001E56A883000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150028790.000001E56ACD7000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2105396074.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107421454.000001E56ACDC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148970004.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2105173612.000001E56A74D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2103030917.000001E56A811000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2102113414.000001E56A86B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130331062.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2106010766.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2160536074.000001E56ACDC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2114566288.000001E56A7F2000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152076176.000001E56A84F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2158628343.000001E56A869000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153324985.000001E56A850000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130028800.000001E56A801000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107034964.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2101993721.000001E56AC60000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2104574533.000001E56A80A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2103924625.000001E56A84F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151896115.000001E56A835000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2105396074.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148970004.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2105173612.000001E56A74D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2156887893.000001E56A85F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2103030917.000001E56A811000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130331062.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2106010766.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151092176.000001E56A833000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2101993721.000001E56AC21000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148526607.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150587578.000001E56A80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/577916/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2157228187.000001E56ACCA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2147860222.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153154739.000001E56AFD5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161058354.000001E56ACCD000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2154308290.000001E56AFF7000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149766092.000001E56ACC1000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152165593.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153907383.000001E56ACC8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153247356.000001E56AEB5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152076176.000001E56A84F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2157943368.000001E56AEB5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2158628343.000001E56A869000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153324985.000001E56A850000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130028800.000001E56A801000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2172791241.000001E56A86B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129134474.000001E56AE34000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149389775.000001E56AEAA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150748061.000001E56AEB3000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151896115.000001E56A835000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148970004.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148185759.000001E56AE8B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2156887893.000001E56A85F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130331062.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150126891.000001E56AEAB000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151092176.000001E56A833000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161842516.000001E56AEB5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161275510.000001E56A86B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148526607.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150587578.000001E56A80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2160021059.000001E56AC9A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148451310.000001E568804000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152512812.000001E56AC84000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161017939.000001E56880F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2163326632.000001E56ACA1000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2167119705.000001E568810000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2165643490.000001E568810000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151836860.000001E56AC83000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2164191574.000001E568810000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150431006.000001E56AC5D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2154096280.000001E56AC99000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151174414.000001E56AC7F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2169600066.000001E568810000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171072782.000001E568811000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148451310.000001E568804000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161017939.000001E56880F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2167119705.000001E568810000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2165643490.000001E568810000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2164191574.000001E568810000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2169600066.000001E568810000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171072782.000001E568811000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crlj
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2157228187.000001E56ACCA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2147860222.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153154739.000001E56AFD5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161058354.000001E56ACCD000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2154308290.000001E56AFF7000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149766092.000001E56ACC1000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152165593.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153907383.000001E56ACC8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AF7B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149071492.000001E56AF7B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2155264452.000001E56AF84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162148100.000001E56AF46000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162526793.000001E56AF4A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149286844.000001E56AF43000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AF46000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2158550064.000001E56AF44000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AF7B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149071492.000001E56AF7B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2155264452.000001E56AF84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crlS
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AF7B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149071492.000001E56AF7B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2155264452.000001E56AF84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162148100.000001E56AF46000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162526793.000001E56AF4A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149286844.000001E56AF43000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AF46000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2158550064.000001E56AF44000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AF7B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149071492.000001E56AF7B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2155264452.000001E56AF84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crlN
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AF7B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149071492.000001E56AF7B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2155264452.000001E56AF84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153247356.000001E56AEB5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2157943368.000001E56AEB5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129134474.000001E56AE34000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149389775.000001E56AEAA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150748061.000001E56AEB3000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148185759.000001E56AE8B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150126891.000001E56AEAB000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161842516.000001E56AEB5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AF7B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149071492.000001E56AF7B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2155264452.000001E56AF84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crlJ
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069227190.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068513556.000001F713780000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067899965.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069138202.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067543952.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068931999.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2072627396.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067206085.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068341888.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074006705.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069363713.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068056387.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068513556.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074584535.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068622239.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074151483.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2075005559.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068931999.000001F713780000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074767443.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076128292.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076128292.000001F713780000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069227190.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067899965.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069138202.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067543952.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068931999.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2072627396.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067206085.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068341888.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074006705.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069363713.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068056387.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068513556.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074584535.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068622239.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074151483.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2075005559.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069363713.000001F713780000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074767443.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076128292.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068239339.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069227190.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067899965.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069138202.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067543952.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068931999.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2072627396.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067206085.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068341888.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074006705.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069363713.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068056387.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068513556.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074584535.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068622239.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074151483.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2075005559.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069363713.000001F713780000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074767443.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076128292.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068239339.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068239339.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069227190.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067899965.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069138202.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067543952.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068931999.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2072627396.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067206085.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068341888.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074006705.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069363713.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068056387.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068513556.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074584535.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068622239.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074151483.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2075005559.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069363713.000001F713780000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074767443.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076128292.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068239339.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2157228187.000001E56ACCA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2173816582.000001E56AE95000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161058354.000001E56ACCD000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150126891.000001E56AE8F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148185759.000001E56AE8B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149766092.000001E56ACC1000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161675441.000001E56AE90000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153907383.000001E56ACC8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161879195.000001E56B840000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162298286.000001E56AE33000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153114034.000001E56B837000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152249008.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149862292.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162109762.000001E56AE2D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148254781.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152249008.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149862292.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162148100.000001E56AF46000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2173601470.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2167795749.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149286844.000001E56AF43000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148254781.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2158550064.000001E56AF44000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153981511.000001E56A900000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149492998.000001E56B8CA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2173601470.000001E56AE14000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2167985819.000001E56B8CB000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149862292.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148786147.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152428525.000001E56AF64000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2175805119.000001E56B801000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162039857.000001E56B8CB000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2155753188.000001E56A900000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152656393.000001E56AE03000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162526793.000001E56AF65000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2167873972.000001E56A900000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148970004.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174922062.000001E56B480000.00000004.00001000.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162344319.000001E56B8CB000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2175168827.000001E56B6C4000.00000004.00001000.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148063041.000001E56B8B1000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2163064550.000001E56AF66000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148123811.000001E56AF53000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2175168827.000001E56B77C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AF46000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148123811.000001E56AF53000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2175029093.000001E56B590000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2173078145.000001E56AA10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/library/itertools.html#recipes
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174404351.000001E56B040000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar.tar.gz
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174404351.000001E56B040000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar.tgz
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2175029093.000001E56B590000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://goo.gl/zeJZl.
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149129206.000001E56A567000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152108173.000001E56A5D0000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151591074.000001E56A5BA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152544966.000001E56A5D1000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149722324.000001E56A5B9000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2156205098.000001E56A5D7000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150211375.000001E56A5BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2158655483.000001E56A8AB000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2114566288.000001E56A7F2000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130028800.000001E56A801000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152904773.000001E56A89E000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148970004.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130331062.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151092176.000001E56A833000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2156530452.000001E56A8A2000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151506305.000001E56A878000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151986261.000001E56A882000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148526607.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2155076119.000001E56A8A2000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150587578.000001E56A80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/mail/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152249008.000001E56ADA5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2114031169.000001E56ADA4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148254781.000001E56AD80000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2114031169.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149862292.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148786147.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129134474.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152656393.000001E56AE03000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129134474.000001E56AD84000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150297802.000001E56ADFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2180285327.00007FF8A82B6000.00000040.00000001.01000000.00000014.sdmp	String found in binary or memory: http://html4/loose.dtd
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174922062.000001E56B480000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ipinfo.io/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2172694753.000001E56A7EF000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152249008.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149862292.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162226312.000001E56AE25000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149312596.000001E56A7C9000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148254781.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2155609929.000001E56A7DB000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2160114525.000001E56A7EE000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153078336.000001E56A7D4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2173644199.000001E56AE28000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153823881.000001E56A7DA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2158988561.000001E56A7ED000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2175029093.000001E56B590000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://mail.python.org/pipermail/python-dev/2012-June/120787.html.
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152076176.000001E56A84F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2158628343.000001E56A869000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153324985.000001E56A850000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130028800.000001E56A801000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2172791241.000001E56A86B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151896115.000001E56A835000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148970004.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2156887893.000001E56A85F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130331062.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151092176.000001E56A833000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161275510.000001E56A86B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148526607.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150587578.000001E56A80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2147860222.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153154739.000001E56AFD5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2154238899.000001E56B00D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152165593.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es0
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152076176.000001E56A84F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2158628343.000001E56A869000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153324985.000001E56A850000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130028800.000001E56A801000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2172791241.000001E56A86B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151896115.000001E56A835000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148970004.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2156887893.000001E56A85F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130331062.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151092176.000001E56A833000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161275510.000001E56A86B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148526607.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150587578.000001E56A80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.esls
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069227190.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067899965.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069138202.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067543952.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068931999.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2072627396.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067206085.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068341888.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074006705.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069363713.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068056387.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068513556.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074584535.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068622239.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074151483.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2075005559.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069363713.000001F713780000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074767443.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076128292.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068239339.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069227190.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068513556.000001F713780000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067899965.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069138202.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067543952.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068931999.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2072627396.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067206085.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068341888.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074006705.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069363713.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068056387.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068513556.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074584535.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068622239.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074151483.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2075005559.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068931999.000001F713780000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074767443.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076128292.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076128292.000001F713780000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069227190.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068513556.000001F713780000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067899965.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069138202.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067543952.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068931999.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2072627396.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067206085.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068341888.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074006705.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069363713.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068056387.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068513556.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074584535.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068622239.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074151483.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2075005559.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068931999.000001F713780000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074767443.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076128292.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076128292.000001F713780000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069227190.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067899965.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069138202.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067543952.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068931999.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2072627396.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067206085.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068341888.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074006705.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069363713.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068056387.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068513556.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074584535.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068622239.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074151483.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2075005559.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069363713.000001F713780000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074767443.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076128292.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068239339.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174641409.000001E56B270000.00000004.00001000.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174776532.000001E56B370000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2163257172.000001E56AFC4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2147860222.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148451310.000001E568804000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153154739.000001E56AFD5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161017939.000001E56880F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2167119705.000001E568810000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2165643490.000001E568810000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2164191574.000001E568810000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2154707992.000001E56AFDF000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152165593.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162689823.000001E56AFE7000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2169600066.000001E568810000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171072782.000001E568811000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148451310.000001E568804000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161017939.000001E56880F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2167119705.000001E568810000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2165643490.000001E568810000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2164191574.000001E568810000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2169600066.000001E568810000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171072782.000001E568811000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/L
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148451310.000001E568804000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161017939.000001E56880F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2167119705.000001E568810000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2165643490.000001E568810000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2164191574.000001E568810000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2169600066.000001E568810000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171072782.000001E568811000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/r
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161759995.000001E56AF35000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149539299.000001E56AF23000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153413787.000001E56AF34000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162148100.000001E56AF46000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162526793.000001E56AF4A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149569427.000001E56AF27000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2163561460.000001E56AF35000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149286844.000001E56AF43000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174050961.000001E56AF35000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2158550064.000001E56AF44000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150876302.000001E56AF33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc4880
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2175168827.000001E56B734000.00000004.00001000.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161759995.000001E56AF35000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149539299.000001E56AF23000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153413787.000001E56AF34000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149569427.000001E56AF27000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2163561460.000001E56AF35000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2163734222.000001E56AF3F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2175168827.000001E56B77C000.00000004.00001000.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150876302.000001E56AF33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc5297
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161879195.000001E56B840000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2176379375.000001E56B848000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162977462.000001E56B847000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153114034.000001E56B837000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc5869
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174922062.000001E56B480000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2172719318.000001E56A7FD000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149312596.000001E56A7C9000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2163370388.000001E56A7FA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2155609929.000001E56A7DB000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2160114525.000001E56A7EE000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153078336.000001E56A7D4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153823881.000001E56A7DA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2158988561.000001E56A7ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152076176.000001E56A84F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2158628343.000001E56A869000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153324985.000001E56A850000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130028800.000001E56A801000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2172791241.000001E56A86B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2147860222.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153154739.000001E56AFD5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151896115.000001E56A835000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148970004.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2156887893.000001E56A85F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130331062.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151092176.000001E56A833000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2154238899.000001E56B00D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161275510.000001E56A86B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152165593.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148526607.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150587578.000001E56A80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2147860222.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153154739.000001E56AFD5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152165593.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2147860222.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153154739.000001E56AFD5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2154238899.000001E56B00D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152165593.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2147860222.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153154739.000001E56AFD5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152165593.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2154478823.000001E56AFEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2147860222.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153154739.000001E56AFD5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2154238899.000001E56B00D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152165593.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2147860222.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153154739.000001E56AFD5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152165593.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htmQ
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2147860222.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153154739.000001E56AFD5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2154238899.000001E56B00D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152165593.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2154478823.000001E56AFEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es00
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2078426244.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2077333202.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2078506788.000001F713783000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2078426244.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2077333202.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2078326949.000001F713783000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2077231097.000001F713782000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174641409.000001E56B270000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129134474.000001E56AE34000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150126891.000001E56AE8F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2154933151.000001E56B7CA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148185759.000001E56AE8B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2156146494.000001E56B7D1000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161675441.000001E56AE90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161759995.000001E56AF35000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162298286.000001E56AE33000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149539299.000001E56AF23000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153413787.000001E56AF34000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152249008.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149862292.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162109762.000001E56AE2D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162039857.000001E56B8C7000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149569427.000001E56AF27000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2163561460.000001E56AF35000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148254781.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148063041.000001E56B8B1000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174050961.000001E56AF35000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150876302.000001E56AF33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069227190.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067899965.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069138202.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067543952.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068931999.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2072627396.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067206085.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068341888.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074006705.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069363713.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068056387.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068513556.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074584535.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068622239.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074151483.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2075005559.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069363713.000001F713780000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074767443.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076128292.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068239339.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153220403.000001E56B7E9000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2156624969.000001E56A737000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2154340783.000001E56B7EC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2175744097.000001E56B7F5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149635986.000001E56A736000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130028800.000001E56A730000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149208172.000001E56AD4B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149599042.000001E56AD50000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107421454.000001E56AD4B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150028790.000001E56AD51000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2155036826.000001E56AD5C000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2106193421.000001E56AD4B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151003021.000001E56AD5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2169901438.000001E56A724000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153357373.000001E56A717000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2154971098.000001E56A717000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2169693402.000001E56A717000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2158411254.000001E56AF7B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AF7B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149071492.000001E56AF7B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2168852886.000001E56AF7B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162526793.000001E56AF7B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2170527644.000001E56AF7C000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174223261.000001E56AF82000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2172719318.000001E56A7FD000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149312596.000001E56A7C9000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2163370388.000001E56A7FA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2155609929.000001E56A7DB000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2160114525.000001E56A7EE000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153078336.000001E56A7D4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153823881.000001E56A7DA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2158988561.000001E56A7ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.rfc-editor.org/info/rfc7253
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161879195.000001E56B840000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2176379375.000001E56B848000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162977462.000001E56B847000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153114034.000001E56B837000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2113515594.000001E56AEDC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153247356.000001E56AEB5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149389775.000001E56AEAA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150748061.000001E56AEB3000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129134474.000001E56AEDC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161148538.000001E56AEC5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148185759.000001E56AE8B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150126891.000001E56AEAB000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AF46000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148123811.000001E56AF53000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2173943318.000001E56AED7000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2155976220.000001E56AEBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wwwsearch.sf.net/):
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174922062.000001E56B480000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174922062.000001E56B480000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.orgp
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076536809.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://badge.fury.io/py/autocommand)
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076536809.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://badge.fury.io/py/autocommand.svg)
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084693821.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2077514468.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2086559680.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2078525874.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2085644461.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083238326.000001F71377C000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084047965.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.jaraco.com/skeleton
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2173168524.000001E56AB20000.00000004.00001000.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2172988120.000001E56A910000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.python.org/issue44497.
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2070948869.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cryptography.io
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2070948869.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cryptography.io/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2070948869.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cryptography.io/en/latest/changelog/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2070948869.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cryptography.io/en/latest/installation/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2070948869.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cryptography.io/en/latest/security/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dev.to/martinheinz/tour-of-python-itertools-4122
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2114566288.000001E56A7F2000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130028800.000001E56A801000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107034964.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2172839435.000001E56A879000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2105396074.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148970004.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2105173612.000001E56A74D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130331062.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2106010766.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151092176.000001E56A833000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151506305.000001E56A878000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148526607.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150587578.000001E56A80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076536809.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/argparse.html#description
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076536809.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/argparse.html#epilog
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093166951.000001E56A51A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093130528.000001E56A526000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171306040.000001E56A160000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093166951.000001E56A51A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093130528.000001E56A526000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171306040.000001E56A1DC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093166951.000001E56A51A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093130528.000001E56A526000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171306040.000001E56A1DC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093166951.000001E56A51A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093130528.000001E56A526000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171306040.000001E56A1DC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093166951.000001E56A51A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093130528.000001E56A526000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171306040.000001E56A1DC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093166951.000001E56A51A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171527925.000001E56A410000.00000004.00001000.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093130528.000001E56A526000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093166951.000001E56A51A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171527925.000001E56A410000.00000004.00001000.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093130528.000001E56A526000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093166951.000001E56A51A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093130528.000001E56A526000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171306040.000001E56A1DC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2170035952.000001E56A520000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093166951.000001E56A51A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171669708.000001E56A521000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093130528.000001E56A526000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2166624295.000001E56A511000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093279273.000001E56A520000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093254721.000001E56A51B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2078525874.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#module-importlib.resources
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2077514468.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.metadata.html
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/itertools.html#itertools-recipes
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149208172.000001E56AD4B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150028790.000001E56AD4B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153543011.000001E56AD4B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2154542928.000001E56AD4C000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151036781.000001E56AD4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/multiprocessing.html
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2077514468.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/reference/import.html#finders-and-loaders
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174922062.000001E56B480000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076443518.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fsf.org/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2173168524.000001E56AB20000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076536809.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Lucretiel/autocommand
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076536809.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Lucretiel/autocommand/issues
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084693821.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Lucretiel/autocommand/issues/18
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149539299.000001E56AF23000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171644995.000001E56A514000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2170035952.000001E56A520000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093166951.000001E56A51A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171669708.000001E56A521000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093130528.000001E56A526000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2166624295.000001E56A511000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093279273.000001E56A520000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093254721.000001E56A51B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084693821.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2077514468.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2086559680.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2078525874.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2085644461.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083238326.000001F71377C000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084047965.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/astral-sh/ruff
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/bbayles
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/erikrose
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2175029093.000001E56B590000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/giampaolo/psutil/issues/875.
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083374271.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jaraco/inflect
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083238326.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jaraco/inflect/actions/workflows/main.yml/badge.svg
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083238326.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jaraco/inflect/actions?query=workflow%3A%22tests%22
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084047965.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jaraco/jaraco.collections
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084047965.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jaraco/jaraco.collections/actions/workflows/main.yml/badge.svg
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084047965.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jaraco/jaraco.collections/actions?query=workflow%3A%22tests%22
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084693821.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jaraco/jaraco.context
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084693821.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jaraco/jaraco.context/actions/workflows/main.yml/badge.svg
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084693821.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jaraco/jaraco.context/actions?query=workflow%3A%22tests%22
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2085644461.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jaraco/jaraco.functools
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2085644461.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jaraco/jaraco.functools/actions/workflows/main.yml/badge.svg
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2085644461.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jaraco/jaraco.functools/actions?query=workflow%3A%22tests%22
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2172988120.000001E56A910000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2086559680.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jaraco/jaraco.text
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2086559680.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jaraco/jaraco.text/actions/workflows/main.yml/badge.svg
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2086559680.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jaraco/jaraco.text/actions?query=workflow%3A%22tests%22
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084693821.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jaraco/keyring/commit/a85a7cbc6c909f8121660ed1f7b487f99a1c2bf7
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/more-itertools/more-itertools
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/more-itertools/more-itertools/graphs/contributors
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174641409.000001E56B270000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/platformdirs/platformdirs
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2175029093.000001E56B590000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/psf/requests/pull/6710
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2070948869.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pyca/cryptography
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2070948869.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pyca/cryptography/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2070948869.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2070948869.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pyca/cryptography/issues
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2070948869.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2173168524.000001E56AB20000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/packaging
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2173168524.000001E56AB20000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/packagingR
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2173168524.000001E56AB20000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/setuptools/issues/1024.
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2172244793.000001E56A610000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/setuptools/issues/417#issuecomment-392298401
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2172988120.000001E56A910000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/setuptools/issues/new?template=distutils-deprecation.yml
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093166951.000001E56A51A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093130528.000001E56A526000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171306040.000001E56A1DC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093254721.000001E56A51B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171644995.000001E56A514000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2170035952.000001E56A520000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093166951.000001E56A51A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171669708.000001E56A521000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093130528.000001E56A526000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2166624295.000001E56A511000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093279273.000001E56A520000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093254721.000001E56A51B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2114566288.000001E56A7F2000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2101568663.000001E56A813000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130028800.000001E56A801000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2164410235.000001E56A819000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107034964.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2098749871.000001E56A7FD000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2104574533.000001E56A80A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2105396074.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148970004.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2105173612.000001E56A74D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2103030917.000001E56A811000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130331062.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2106010766.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2098411305.000001E56A7DB000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2098528400.000001E56A7C7000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148526607.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2156852481.000001E56A812000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2099464201.000001E56A815000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150587578.000001E56A80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/issues/86361.
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2077514468.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/importlib_metadata
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2077514468.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/importlib_metadata/actions/workflows/main.yml/badge.svg
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2077514468.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/importlib_metadata/actions?query=workflow%3A%22tests%22
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2077514468.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/importlib_metadata/issues
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2078525874.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/importlib_resources
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2078525874.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/importlib_resources/actions/workflows/main.yml/badge.svg
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2078525874.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/importlib_resources/actions?query=workflow%3A%22tests%22
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171644995.000001E56A514000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2170035952.000001E56A520000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093166951.000001E56A51A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171669708.000001E56A521000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093130528.000001E56A526000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2166624295.000001E56A511000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093279273.000001E56A520000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093254721.000001E56A51B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174922062.000001E56B480000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129134474.000001E56AE34000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149351816.000001E56AE55000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2113842358.000001E56AE34000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161969456.000001E56AE56000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148254781.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174922062.000001E56B480000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2175029093.000001E56B590000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2175029093.000001E56B590000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/329020
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2160831903.000001E56AF28000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2170062046.000001E56ADEC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161759995.000001E56AF2D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2114031169.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2157977161.000001E56AF1F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152249008.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2160279326.000001E56ADEA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149862292.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148786147.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149539299.000001E56AF23000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129134474.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2163491408.000001E56ADEC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149129206.000001E56A567000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149569427.000001E56AF27000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151591074.000001E56A5BA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149722324.000001E56A5B9000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2160831903.000001E56AF21000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2156325520.000001E56A5BC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150211375.000001E56A5BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2160831903.000001E56AF28000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2170062046.000001E56ADEC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161759995.000001E56AF2D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2114031169.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152249008.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2160279326.000001E56ADEA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149862292.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148786147.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149539299.000001E56AF23000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129134474.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2163491408.000001E56ADEC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149569427.000001E56AF27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2154971098.000001E56A717000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153247356.000001E56AEB5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129134474.000001E56AE34000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149389775.000001E56AEAA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150748061.000001E56AEB3000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2113842358.000001E56AE34000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148185759.000001E56AE8B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150126891.000001E56AEAB000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2169972366.000001E56AEBB000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2155976220.000001E56AEBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150211375.000001E56A5BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2164410235.000001E56A846000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149208172.000001E56AD4B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130028800.000001E56A801000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2167668397.000001E56A846000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149599042.000001E56AD50000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129134474.000001E56AE34000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150028790.000001E56AD51000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152428525.000001E56AF64000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2155036826.000001E56AD5C000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2160500937.000001E56A837000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149351816.000001E56AE55000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162526793.000001E56AF65000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151896115.000001E56A835000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148970004.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2173739155.000001E56AE5A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130331062.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149766092.000001E56ACC1000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161969456.000001E56AE56000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148254781.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2168852886.000001E56AF65000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151092176.000001E56A833000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/get
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2114566288.000001E56A7F2000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130028800.000001E56A801000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2172839435.000001E56A879000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148970004.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130331062.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151092176.000001E56A833000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151506305.000001E56A878000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148526607.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150587578.000001E56A80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/post
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084693821.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2077514468.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2086559680.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2078525874.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2085644461.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083238326.000001F71377C000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084047965.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/badge/skeleton-2024-informational
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084693821.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2077514468.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2086559680.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2078525874.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2085644461.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083238326.000001F71377C000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084047965.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/charliermarsh/ruff/main/assets
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2077514468.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/pypi/pyversions/importlib_metadata.svg
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2078525874.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/pypi/pyversions/importlib_resources.svg
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083238326.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/pypi/pyversions/inflect.svg
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084047965.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/pypi/pyversions/jaraco.collections.svg
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084693821.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/pypi/pyversions/jaraco.context.svg
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2085644461.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/pypi/pyversions/jaraco.functools.svg
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2086559680.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/pypi/pyversions/jaraco.text.svg
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2070948869.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2077514468.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/pypi/v/importlib_metadata.svg
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2078525874.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/pypi/v/importlib_resources.svg
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083238326.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/pypi/v/inflect.svg
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084047965.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/pypi/v/jaraco.collections.svg
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084693821.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/pypi/v/jaraco.context.svg
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2085644461.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/pypi/v/jaraco.functools.svg
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2086559680.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/pypi/v/jaraco.text.svg
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2077514468.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://importlib-metadata.readthedocs.io/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2077514468.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://importlib-metadata.readthedocs.io/en/latest/?badge=latest
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2078525874.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://importlib-resources.readthedocs.io/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2078525874.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/?badge=latest
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2173078145.000001E56AA10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083238326.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://inflect.readthedocs.io/en/latest/?badge=latest
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084047965.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jaracocollections.readthedocs.io/en/latest/?badge=latest
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084693821.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jaracocontext.readthedocs.io/en/latest/?badge=latest
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2085644461.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jaracofunctools.readthedocs.io/en/latest/?badge=latest
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083374271.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jaracotext.readthedocs.io/en/latest/#jaraco.text.WordSet
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2086559680.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jaracotext.readthedocs.io/en/latest/?badge=latest
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153907383.000001E56ACC8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://json.org
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2114566288.000001E56A7F2000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130028800.000001E56A801000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107034964.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2104574533.000001E56A80A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2168090340.000001E56A80F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2105396074.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148970004.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2105173612.000001E56A74D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2158384713.000001E56A80E000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130331062.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2106010766.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2104280080.000001E56AC9D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2104990087.000001E56ACB4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2168350841.000001E56A810000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148526607.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150587578.000001E56A80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mahler:8092/site-updates.py
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2070948869.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://martinheinz.dev/blog/16
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.SequenceView
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.adjacent
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.all_equal
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.all_unique
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.always_iterable
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.always_reversible
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.batched
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.before_and_after
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.bucket
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.chunked
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.chunked_even
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.circular_shifts
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.classify_unique
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.collapse
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.combination_index
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.combination_with_replacement
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.consecutive_groups
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.constrained_batches
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.consume
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.consumer
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.convolve
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.count_cycle
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.countable
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.dft
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.difference
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.distinct_combinations
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.distinct_permutations
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.distribute
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.divide
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.dotproduct
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.doublestarmap
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.duplicates_everseen
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.duplicates_justseen
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.exactly_n
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.factor
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.filter_except
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.filter_map
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.first
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.first_true
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.flatten
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.gray_product
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.groupby_transform
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.grouper
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.ichunked
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.idft
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.iequals
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.ilen
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.interleave
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.interleave_evenly
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.interleave_longest
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.intersperse
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.is_sorted
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.islice_extended
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.iter_except
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.iter_index
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.iter_suppress
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.iterate
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.join_mappings
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.last
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.locate
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.longest_common_prefix
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.lstrip
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.make_decorator
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.map_except
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.map_reduce
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.mark_ends
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.matmul
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.minmax
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.ncycles
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.nth
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.nth_combination
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.nth_combination_with_replace
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.nth_or_last
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.nth_permutation
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.nth_product
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.numeric_range
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.one
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.only
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.outer_product
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.pad_none
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.padded
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.pairwise
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.partial_product
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.partition
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.partitions
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.peekable
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.permutation_index
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.polynomial_derivative
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.polynomial_eval
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.polynomial_from_roots
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.powerset
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.powerset_of_sets
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.prepend
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.product_index
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.quantify
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.random_combination
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.random_combination_with_repl
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.random_permutation
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.random_product
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.repeat_each
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.repeat_last
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.repeatfunc
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.replace
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.reshape
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.rlocate
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.roundrobin
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.rstrip
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.run_length
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.sample
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.seekable
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.set_partitions
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.side_effect
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.sieve
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.sliced
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.sliding_window
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.sort_together
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.split_after
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.split_at
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.split_before
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.split_into
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.split_when
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.spy
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.stagger
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.strictly_n
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.strip
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.subslices
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.substrings
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.substrings_indexes
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.sum_of_squares
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.tabulate
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.tail
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.take
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.takewhile_inclusive
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.time_limited
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.totient
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.transpose
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.triplewise
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.unique
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.unique_everseen
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.unique_in_window
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.unique_justseen
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.unique_to_each
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.unzip
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.value_chain
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.windowed
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.windowed_complete
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.with_iter
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.zip_broadcast
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.zip_equal
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.zip_offset
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://more-itertools.readthedocs.io/en/stable/versions.html
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162344319.000001E56B8C2000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2176546711.000001E56B8C2000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148063041.000001E56B8B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2114031169.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149862292.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148786147.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2110237158.000001E56AE03000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129134474.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107209870.000001E56ADF9000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152656393.000001E56AE03000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174641409.000001E56B270000.00000004.00001000.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107944208.000001E56ADFB000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150297802.000001E56ADFF000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2167795749.000001E56AE04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/guides/packaging-namespace-packages/.
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174776532.000001E56B370000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/core-metadata/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174404351.000001E56B040000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2114566288.000001E56A7F2000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130028800.000001E56A801000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107034964.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2156098513.000001E56A883000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107209870.000001E56ADF9000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2156782904.000001E56A883000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148970004.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130331062.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2159836039.000001E56A88D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151092176.000001E56A833000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151506305.000001E56A878000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151986261.000001E56A882000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148526607.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150587578.000001E56A80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/pyproject-toml/#declaring-project-metadata-the
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2114031169.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149862292.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148786147.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2110237158.000001E56AE03000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129134474.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107209870.000001E56ADF9000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152656393.000001E56AE03000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107944208.000001E56ADFB000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174404351.000001E56B040000.00000004.00001000.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150297802.000001E56ADFF000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2167795749.000001E56AE04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084693821.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://path.readthedocs.io/en/latest/api.html
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2101568663.000001E56A86B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2173078145.000001E56AA10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://peps.python.org/pep-0205/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2185017528.00007FF8A8C74000.00000040.00000001.01000000.00000004.sdmp	String found in binary or memory: https://peps.python.org/pep-0263/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174776532.000001E56B370000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://peps.python.org/pep-0685/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pip.pypa.io/en/stable/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174532215.000001E56B140000.00000004.00001000.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174776532.000001E56B370000.00000004.00001000.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174404351.000001E56B040000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/project/build/).
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2070948869.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/project/cryptography/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2077514468.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/project/importlib_metadata
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2078525874.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/project/importlib_resources
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083238326.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/project/inflect
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084047965.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/project/jaraco.collections
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084693821.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/project/jaraco.context
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2085644461.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/project/jaraco.functools
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2086559680.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/project/jaraco.text
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083519654.000001F713783000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083374271.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083238326.000001F713783000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/project/word2number/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2070948869.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2077514468.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://readthedocs.org/projects/importlib-metadata/badge/?version=latest
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2078525874.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://readthedocs.org/projects/importlib-resources/badge/?version=latest
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083238326.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://readthedocs.org/projects/inflect/badge/?version=latest
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084047965.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://readthedocs.org/projects/jaracocollections/badge/?version=latest
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084693821.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://readthedocs.org/projects/jaracocontext/badge/?version=latest
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2085644461.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://readthedocs.org/projects/jaracofunctools/badge/?version=latest
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2086559680.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://readthedocs.org/projects/jaracotext/badge/?version=latest
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://readthedocs.org/projects/more-itertools/badge/?version=latest
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2173168524.000001E56AB20000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2114566288.000001E56A7F2000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130028800.000001E56A801000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2172839435.000001E56A879000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148970004.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130331062.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151092176.000001E56A833000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151506305.000001E56A878000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148526607.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150587578.000001E56A80C000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2175029093.000001E56B590000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://requests.readthedocs.io
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174641409.000001E56B270000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174641409.000001E56B270000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/0Y2k
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174641409.000001E56B270000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/pA2k
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2109889076.000001E56AE5B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107421454.000001E56AE54000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107353225.000001E56AF02000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2113515594.000001E56AEDC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129134474.000001E56AEDC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107353225.000001E56AEAA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150431006.000001E56AC5D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107353225.000001E56AF02000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174776532.000001E56B370000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174776532.000001E56B370000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages0
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107353225.000001E56AEAA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107353225.000001E56AF02000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr;
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107353225.000001E56AEAA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107353225.000001E56AF02000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr;r
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2078525874.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.readthedocs.io/en/latest/pkg_resources.html
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150126891.000001E56AE8F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148185759.000001E56AE8B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161675441.000001E56AE90000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162763177.000001E56AE99000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2175029093.000001E56B590000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/questions/4457745#4457745.
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174776532.000001E56B370000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://steamcomunty.com
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2176719353.000001E56C010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://steamcomunty.com/software/AI-Setup4k
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174776532.000001E56B370000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://steamcomunty.comfo
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2077514468.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tidelift.com/badges/package/pypi/importlib-metadata
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2078525874.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tidelift.com/badges/package/pypi/importlib-resources
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083238326.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tidelift.com/badges/package/pypi/inflect
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084047965.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tidelift.com/badges/package/pypi/jaraco.collections
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084693821.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tidelift.com/badges/package/pypi/jaraco.context
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2085644461.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tidelift.com/badges/package/pypi/jaraco.functools
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2086559680.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tidelift.com/badges/package/pypi/jaraco.text
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083519654.000001F713783000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083374271.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083238326.000001F713783000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tidelift.com/subscription/pkg/pypi-PROJECT?utm_source=pypi-PROJECT&utm_medium=referral&utm_c
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2077514468.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tidelift.com/subscription/pkg/pypi-importlib-metadata?utm_source=pypi-importlib-metadata&utm
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2078525874.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tidelift.com/subscription/pkg/pypi-importlib-resources?utm_source=pypi-importlib-resources&u
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083238326.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tidelift.com/subscription/pkg/pypi-inflect?utm_source=pypi-inflect&utm_medium=readme
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084047965.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tidelift.com/subscription/pkg/pypi-jaraco.collections?utm_source=pypi-jaraco.collections&utm
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084693821.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tidelift.com/subscription/pkg/pypi-jaraco.context?utm_source=pypi-jaraco.context&utm_medium=
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2085644461.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tidelift.com/subscription/pkg/pypi-jaraco.functools?utm_source=pypi-jaraco.functools&utm_med
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2086559680.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tidelift.com/subscription/pkg/pypi-jaraco.text?utm_source=pypi-jaraco.text&utm_medium=readme
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2086559680.000001F713776000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tidelift.com/subscription/pkg/pypi-jaraco.text?utm_source=pypi-jaraco.text&utm_medium=referr
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149208172.000001E56ACD6000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2157050109.000001E56ACDC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150028790.000001E56ACD7000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2160536074.000001E56ACDC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161879195.000001E56B840000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162298286.000001E56AE33000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153114034.000001E56B837000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152249008.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149862292.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162109762.000001E56AE2D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148254781.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3610
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161759995.000001E56AF35000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162298286.000001E56AE33000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149539299.000001E56AF23000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153413787.000001E56AF34000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152249008.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149862292.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162109762.000001E56AE2D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162039857.000001E56B8C7000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149569427.000001E56AF27000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2163561460.000001E56AF35000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148254781.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148063041.000001E56B8B1000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174050961.000001E56AF35000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150876302.000001E56AF33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc5297
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2105521390.000001E56AD5B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150948403.000001E56A74E000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107421454.000001E56AD4B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107034964.000001E56A738000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2106193421.000001E56AD4B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2158080452.000001E56A750000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2105173612.000001E56A74D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2106010766.000001E56A74C000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2104990087.000001E56AD4B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2155439540.000001E56A74F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149635986.000001E56A736000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2157977161.000001E56AF1F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149129206.000001E56A567000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151591074.000001E56A5BA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149722324.000001E56A5B9000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2160831903.000001E56AF21000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2156325520.000001E56A5BC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150211375.000001E56A5BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174922062.000001E56B480000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174922062.000001E56B480000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyp
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174922062.000001E56B480000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174922062.000001E56B480000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings0
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2114566288.000001E56A7F2000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130028800.000001E56A801000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107034964.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2156098513.000001E56A883000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2101993721.000001E56AC60000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2104574533.000001E56A80A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2103900550.000001E56A872000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2156782904.000001E56A883000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2105396074.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148970004.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2105173612.000001E56A74D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2103030917.000001E56A811000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130331062.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2106010766.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151092176.000001E56A833000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2101993721.000001E56AC21000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151506305.000001E56A878000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151986261.000001E56A882000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148526607.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150587578.000001E56A80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2071478189.000001F713774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.apache.org/licenses/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2071478189.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2071553150.000001F713782000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2071478189.000001F713781000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bbayles.com/index/decorator_factory
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gidware.com/real-world-more-itertools/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153981511.000001E56A900000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2155753188.000001E56A900000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2167873972.000001E56A900000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148970004.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149442481.000001E56A8FF000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148526607.000001E56A809000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074151483.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2184936820.00007FF8A8839000.00000004.00000001.01000000.0000000C.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2186571704.00007FF8A9398000.00000004.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.openssl.org/H
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2114566288.000001E56A7F2000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130028800.000001E56A801000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2172839435.000001E56A879000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148970004.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130331062.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151092176.000001E56A833000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151506305.000001E56A878000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148526607.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150587578.000001E56A80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2114566288.000001E56A7F2000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130028800.000001E56A801000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107034964.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2104574533.000001E56A80A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2168090340.000001E56A80F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2105396074.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148970004.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2105173612.000001E56A74D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2158384713.000001E56A80E000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130331062.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2106010766.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2104280080.000001E56AC9D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2104990087.000001E56ACB4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2168350841.000001E56A810000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148526607.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150587578.000001E56A80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171306040.000001E56A160000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2185017528.00007FF8A8D72000.00000040.00000001.01000000.00000004.sdmp	String found in binary or memory: https://www.python.org/psf/license/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2185017528.00007FF8A8C74000.00000040.00000001.01000000.00000004.sdmp	String found in binary or memory: https://www.python.org/psf/license/)
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149208172.000001E56AD4B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153247356.000001E56AEB5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2157943368.000001E56AEB5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149599042.000001E56AD50000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129134474.000001E56AE34000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149389775.000001E56AEAA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150748061.000001E56AEB3000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150028790.000001E56AD51000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2156295858.000001E56AD54000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2113842358.000001E56AE34000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148185759.000001E56AE8B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150126891.000001E56AEAB000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161842516.000001E56AEB5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2154542928.000001E56AD54000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2173897049.000001E56AEB9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2154340783.000001E56B7D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2157228187.000001E56ACCA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161058354.000001E56ACCD000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149766092.000001E56ACC1000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153907383.000001E56ACC8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2154340783.000001E56B7D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/W
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2160831903.000001E56AF28000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2170062046.000001E56ADEC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161759995.000001E56AF2D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2114031169.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152249008.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2160279326.000001E56ADEA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149862292.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148786147.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149539299.000001E56AF23000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129134474.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2163491408.000001E56ADEC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149569427.000001E56AF27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yahoo.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E2175C00	0_2_00007FF6E2175C00
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E2176964	0_2_00007FF6E2176964
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E21589E0	0_2_00007FF6E21589E0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E2151000	0_2_00007FF6E2151000
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E2161B50	0_2_00007FF6E2161B50
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E2176418	0_2_00007FF6E2176418
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E21708C8	0_2_00007FF6E21708C8
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E2173C10	0_2_00007FF6E2173C10
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E2162C10	0_2_00007FF6E2162C10
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E215ACAD	0_2_00007FF6E215ACAD
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E215A47B	0_2_00007FF6E215A47B
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E2165D30	0_2_00007FF6E2165D30
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E2162164	0_2_00007FF6E2162164
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E2161944	0_2_00007FF6E2161944
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E21639A4	0_2_00007FF6E21639A4
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E216DA5C	0_2_00007FF6E216DA5C
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E215A2DB	0_2_00007FF6E215A2DB
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E2161F60	0_2_00007FF6E2161F60
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E2161740	0_2_00007FF6E2161740
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E2168794	0_2_00007FF6E2168794
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E2159800	0_2_00007FF6E2159800
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E2171874	0_2_00007FF6E2171874
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E21740AC	0_2_00007FF6E21740AC
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E21680E4	0_2_00007FF6E21680E4
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E21708C8	0_2_00007FF6E21708C8
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E216E570	0_2_00007FF6E216E570
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E2161D54	0_2_00007FF6E2161D54
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E21635A0	0_2_00007FF6E21635A0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E2169EA0	0_2_00007FF6E2169EA0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E2175E7C	0_2_00007FF6E2175E7C
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E216DEF0	0_2_00007FF6E216DEF0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E2179728	0_2_00007FF6E2179728
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E2176964	2_2_00007FF6E2176964
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E2151000	2_2_00007FF6E2151000
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E2161B50	2_2_00007FF6E2161B50
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E2176418	2_2_00007FF6E2176418
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E21708C8	2_2_00007FF6E21708C8
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E2175C00	2_2_00007FF6E2175C00
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E2173C10	2_2_00007FF6E2173C10
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E2162C10	2_2_00007FF6E2162C10
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E215ACAD	2_2_00007FF6E215ACAD
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E215A47B	2_2_00007FF6E215A47B
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E2165D30	2_2_00007FF6E2165D30
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E2162164	2_2_00007FF6E2162164
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E2161944	2_2_00007FF6E2161944
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E21639A4	2_2_00007FF6E21639A4
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E21589E0	2_2_00007FF6E21589E0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E216DA5C	2_2_00007FF6E216DA5C
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E215A2DB	2_2_00007FF6E215A2DB
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E2161F60	2_2_00007FF6E2161F60
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E2161740	2_2_00007FF6E2161740
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E2168794	2_2_00007FF6E2168794
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E2159800	2_2_00007FF6E2159800
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E2171874	2_2_00007FF6E2171874
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E21740AC	2_2_00007FF6E21740AC
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E21680E4	2_2_00007FF6E21680E4
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E21708C8	2_2_00007FF6E21708C8
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E216E570	2_2_00007FF6E216E570
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E2161D54	2_2_00007FF6E2161D54
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E21635A0	2_2_00007FF6E21635A0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E2169EA0	2_2_00007FF6E2169EA0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E2175E7C	2_2_00007FF6E2175E7C
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E216DEF0	2_2_00007FF6E216DEF0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E2179728	2_2_00007FF6E2179728
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A81412F0	2_2_00007FF8A81412F0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A81418A0	2_2_00007FF8A81418A0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8292B30	2_2_00007FF8A8292B30
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A828C930	2_2_00007FF8A828C930
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8296910	2_2_00007FF8A8296910
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8266710	2_2_00007FF8A8266710
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8290F00	2_2_00007FF8A8290F00
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A82AFF00	2_2_00007FF8A82AFF00
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A82A9500	2_2_00007FF8A82A9500
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A826DF70	2_2_00007FF8A826DF70
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A82AB760	2_2_00007FF8A82AB760
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8292750	2_2_00007FF8A8292750
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A826B350	2_2_00007FF8A826B350
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A82A0940	2_2_00007FF8A82A0940
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8275940	2_2_00007FF8A8275940
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A82B1BB0	2_2_00007FF8A82B1BB0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8263DB0	2_2_00007FF8A8263DB0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A826A5B0	2_2_00007FF8A826A5B0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A82A7DA0	2_2_00007FF8A82A7DA0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A82747A0	2_2_00007FF8A82747A0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8296F90	2_2_00007FF8A8296F90
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A82AC390	2_2_00007FF8A82AC390
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A826C990	2_2_00007FF8A826C990
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A82B09F0	2_2_00007FF8A82B09F0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8265BF0	2_2_00007FF8A8265BF0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A82769F0	2_2_00007FF8A82769F0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8289DE0	2_2_00007FF8A8289DE0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A82ADBC0	2_2_00007FF8A82ADBC0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8294230	2_2_00007FF8A8294230
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A828FA30	2_2_00007FF8A828FA30
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A828F620	2_2_00007FF8A828F620
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8272A20	2_2_00007FF8A8272A20
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A82A7010	2_2_00007FF8A82A7010
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A828B670	2_2_00007FF8A828B670
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A828A860	2_2_00007FF8A828A860
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8295C50	2_2_00007FF8A8295C50
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A82A0650	2_2_00007FF8A82A0650
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A82AF450	2_2_00007FF8A82AF450
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A827BA50	2_2_00007FF8A827BA50
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A82A76B0	2_2_00007FF8A82A76B0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A82AE8B0	2_2_00007FF8A82AE8B0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A82974A0	2_2_00007FF8A82974A0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A82B2280	2_2_00007FF8A82B2280
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A82A7AF0	2_2_00007FF8A82A7AF0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A82946E0	2_2_00007FF8A82946E0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A828E0E0	2_2_00007FF8A828E0E0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A82912E0	2_2_00007FF8A82912E0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A828B2C0	2_2_00007FF8A828B2C0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A82678BB	2_2_00007FF8A82678BB
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A82620C0	2_2_00007FF8A82620C0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8277EC0	2_2_00007FF8A8277EC0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8837B30	2_2_00007FF8A8837B30
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8F31000	2_2_00007FF8A8F31000
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A9397200	2_2_00007FF8A9397200
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A9308AA0	2_2_00007FF8A9308AA0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92D1A0F	2_2_00007FF8A92D1A0F
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92D1CC1	2_2_00007FF8A92D1CC1
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92D16FE	2_2_00007FF8A92D16FE
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92D8BE0	2_2_00007FF8A92D8BE0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92D143D	2_2_00007FF8A92D143D
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A933CDA0	2_2_00007FF8A933CDA0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92D2716	2_2_00007FF8A92D2716
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92D1181	2_2_00007FF8A92D1181
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92D1613	2_2_00007FF8A92D1613
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92D262B	2_2_00007FF8A92D262B
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92D17F8	2_2_00007FF8A92D17F8
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A9310F90	2_2_00007FF8A9310F90
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92F6290	2_2_00007FF8A92F6290
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92D1AD7	2_2_00007FF8A92D1AD7
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92D1EE7	2_2_00007FF8A92D1EE7
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92D1D98	2_2_00007FF8A92D1D98
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92D1B54	2_2_00007FF8A92D1B54
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A934A740	2_2_00007FF8A934A740
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92D1172	2_2_00007FF8A92D1172
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92D1FE6	2_2_00007FF8A92D1FE6
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A931D960	2_2_00007FF8A931D960
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A93199A0	2_2_00007FF8A93199A0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A931DE30	2_2_00007FF8A931DE30
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92D1541	2_2_00007FF8A92D1541
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92D1591	2_2_00007FF8A92D1591
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A9315DC0	2_2_00007FF8A9315DC0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92FBD80	2_2_00007FF8A92FBD80
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92D21F3	2_2_00007FF8A92D21F3
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92D24EB	2_2_00007FF8A92D24EB
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92D149C	2_2_00007FF8A92D149C

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: String function: 00007FF8A934CE79 appears 38 times
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: String function: 00007FF6E2152910 appears 34 times
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: String function: 00007FF8A934D545 appears 35 times
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: String function: 00007FF8A934D551 appears 60 times
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: String function: 00007FF8A92D132A appears 436 times
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: String function: 00007FF6E2152710 appears 104 times
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: String function: 00007FF8A934CD8F appears 253 times
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: String function: 00007FF8A934CDA1 appears 973 times

Source: _overlapped.pyd.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: python3.dll.0.dr

Static PE information: No import functions for PE file found

Source: libcrypto-3.dll.0.dr	Static PE information: Section: UPX1 ZLIB complexity 0.9989650991958289
Source: libssl-3.dll.0.dr	Static PE information: Section: UPX1 ZLIB complexity 0.9923451741536459
Source: python312.dll.0.dr	Static PE information: Section: UPX1 ZLIB complexity 0.9994210643762751
Source: _ec_ws.pyd.0.dr	Static PE information: Section: UPX1 ZLIB complexity 0.9980750902889246
Source: _brotli.cp312-win_amd64.pyd.0.dr	Static PE information: Section: UPX1 ZLIB complexity 0.994288643715342
Source: unicodedata.pyd.0.dr	Static PE information: Section: UPX1 ZLIB complexity 0.9942978533094812

Source: classification engine

Classification label: sus36.winEXE@3/192@1/1

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe

File created: C:\Users\user\AppData\Local\Temp\_MEI63882

Jump to behavior

Source: tor-browser-windows-x86_64-portable-14.0.2.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: tor-browser-windows-x86_64-portable-14.0.2.exe	String found in binary or memory: t xml:space=.gif" border="0"</body> </html> overflow:hidden;img src="http://addEventListenerresponsible for s.js"></script> /favicon.ico" />operating system" style="width:1target="_blank">State Universitytext-align:left; document.write(, including the around t
Source: tor-browser-windows-x86_64-portable-14.0.2.exe	String found in binary or memory: set-addPolicy
Source: tor-browser-windows-x86_64-portable-14.0.2.exe	String found in binary or memory: id-cmc-addExtensions
Source: tor-browser-windows-x86_64-portable-14.0.2.exe	String found in binary or memory: can't send non-None value to a just-started coroutine
Source: tor-browser-windows-x86_64-portable-14.0.2.exe	String found in binary or memory: when smaller code objects and pyc files are desired as well as suppressing the extra visual location indicators when the interpreter displays tracebacks. These variables have equivalent command-line parameters (see --help for details): PYTHONDEBUG
Source: tor-browser-windows-x86_64-portable-14.0.2.exe	String found in binary or memory: when smaller code objects and pyc files are desired as well as suppressing the extra visual location indicators when the interpreter displays tracebacks. These variables have equivalent command-line parameters (see --help for details): PYTHONDEBUG
Source: tor-browser-windows-x86_64-portable-14.0.2.exe	String found in binary or memory: --help
Source: tor-browser-windows-x86_64-portable-14.0.2.exe	String found in binary or memory: --help
Source: tor-browser-windows-x86_64-portable-14.0.2.exe	String found in binary or memory: can't send non-None value to a just-started async generator
Source: tor-browser-windows-x86_64-portable-14.0.2.exe	String found in binary or memory: can't send non-None value to a just-started generator

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe

File read: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe "C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe"
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Process created: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe "C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe"
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Process created: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe "C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe"	Jump to behavior

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Section loaded: libffi-8.dll	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Section loaded: libcrypto-3.dll	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Section loaded: libssl-3.dll	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Section loaded: kernel.appcore.dll	Jump to behavior

Source: tor-browser-windows-x86_64-portable-14.0.2.exe

Static PE information: certificate valid

Source: tor-browser-windows-x86_64-portable-14.0.2.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: tor-browser-windows-x86_64-portable-14.0.2.exe

Static file information: File size 14451360 > 1048576

Source: tor-browser-windows-x86_64-portable-14.0.2.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: tor-browser-windows-x86_64-portable-14.0.2.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: tor-browser-windows-x86_64-portable-14.0.2.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: tor-browser-windows-x86_64-portable-14.0.2.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: tor-browser-windows-x86_64-portable-14.0.2.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: tor-browser-windows-x86_64-portable-14.0.2.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: tor-browser-windows-x86_64-portable-14.0.2.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: tor-browser-windows-x86_64-portable-14.0.2.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: D:\a\1\b\bin\amd64\python312.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2185017528.00007FF8A8C74000.00000040.00000001.01000000.00000004.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\select.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2192284158.00007FF8B8CB1000.00000040.00000001.01000000.00000010.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2177832756.00007FF8A824F000.00000040.00000001.01000000.00000017.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2192521953.00007FF8B8F71000.00000040.00000001.01000000.00000007.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2191580810.00007FF8B8B07000.00000040.00000001.01000000.0000000B.sdmp
Source:	Binary string: D:\a\1\b\libssl-3.pdbEE source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2186211945.00007FF8A9355000.00000040.00000001.01000000.00000012.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PICOpenSSL 3.0.11 19 Sep 20233.0.11built on: Wed Sep 27 22:33:28 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lock..\s\crypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8..\s\crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: ..\s\crypto\init.cOPENSSL_init_cryptoOPENSSL_atexit..\s\crypto\initthread.c..\s\crypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL \|\| WITHIN_ARENA(temp->next)assertion failed: (char *)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) \|\| WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/0123456789ABCDEFCRYPTO_memdup..\s\crypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sep..\s\crypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__..\s\crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_push_octet_ptrOSSL_PARAM_BLD_to_param..\s\crypto\params.c source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2182879352.00007FF8A86E2000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: tor-browser-windows-x86_64-portable-14.0.2.exe, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2182879352.00007FF8A86E2000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2189868208.00007FF8B7891000.00000040.00000001.01000000.00000013.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2193635662.00007FF8BA4F1000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2192912021.00007FF8B93C1000.00000040.00000001.01000000.00000009.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067053849.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2193430091.00007FF8BA251000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2193117388.00007FF8B9841000.00000040.00000001.01000000.0000000E.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067053849.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2193430091.00007FF8BA251000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2190666664.00007FF8B7E51000.00000040.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2193117388.00007FF8B9841000.00000040.00000001.01000000.0000000E.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python3.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074767443.000001F713774000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171414817.000001E56A270000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: D:\a\1\b\libssl-3.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2186211945.00007FF8A9355000.00000040.00000001.01000000.00000012.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2190383413.00007FF8B7E11000.00000040.00000001.01000000.00000011.sdmp

Source: tor-browser-windows-x86_64-portable-14.0.2.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: tor-browser-windows-x86_64-portable-14.0.2.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: tor-browser-windows-x86_64-portable-14.0.2.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: tor-browser-windows-x86_64-portable-14.0.2.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: tor-browser-windows-x86_64-portable-14.0.2.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe

Code function: 2_2_00007FF8A8837B30 EntryPoint,LoadLibraryA,GetProcAddress,VirtualProtect,VirtualProtect,VirtualProtect,

2_2_00007FF8A8837B30

Source: VCRUNTIME140.dll.0.dr	Static PE information: section name: _RDATA
Source: libffi-8.dll.0.dr	Static PE information: section name: UPX2
Source: _rust.pyd.0.dr	Static PE information: section name: UPX2

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8145D06 push r12; ret	2_2_00007FF8A8145D08
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8145DF7 push r10; retf	2_2_00007FF8A8145DFA
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8148DBF push rsp; retf	2_2_00007FF8A8148DC0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8145E18 push rsp; ret	2_2_00007FF8A8145E1C
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8145E67 push rdi; iretd	2_2_00007FF8A8145E69
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A814763E push rbp; retf	2_2_00007FF8A8147657
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8145EB4 push rsp; iretd	2_2_00007FF8A8145EB5
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8147689 push r12; ret	2_2_00007FF8A81476CD
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A81482D8 push rdi; iretd	2_2_00007FF8A81482DA
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8149327 push rsp; ret	2_2_00007FF8A8149328
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8145F01 push r12; ret	2_2_00007FF8A8145F10
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8147F67 push rbp; iretq	2_2_00007FF8A8147F68
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8148F42 push rsp; iretq	2_2_00007FF8A8148F43
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8145F56 push r12; ret	2_2_00007FF8A8145F73
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8145F7B push r8; ret	2_2_00007FF8A8145F83
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8145FB9 push r10; ret	2_2_00007FF8A8145FCC
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8148419 push r10; retf	2_2_00007FF8A8148485
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8145C31 push r10; ret	2_2_00007FF8A8145C33
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8147FFF push r12; ret	2_2_00007FF8A814804A
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8146859 push rsi; ret	2_2_00007FF8A8146890
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A814808B push r12; iretd	2_2_00007FF8A814809F
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8145CE0 push r10; retf	2_2_00007FF8A8145CE2
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8145CE5 push r8; ret	2_2_00007FF8A8145CEB
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8145CED push rdx; ret	2_2_00007FF8A8145CF7
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92F4541 push rcx; ret	2_2_00007FF8A92F4542

Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1

Persistence and Installation Behavior

Found pyInstaller with non standard icon

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe

Process created: "C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe"

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA256.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_keccak.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_curve25519.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_poly1305.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_ed25519.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\_wmi.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\libssl-3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_cbc.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\_cffi_backend.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ofb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\charset_normalizer\md__mypyc.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\cryptography\hazmat\bindings\_rust.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_RIPEMD160.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_BLAKE2b.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\python312.dll	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_MD2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_aes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_ARC4.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_curve448.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_ed448.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Util\_cpuid_c.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA224.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA512.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\libffi-8.dll	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\python3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_des.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_MD4.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\pyexpat.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Math\_modexp.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_pkcs1_decode.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ocb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_cfb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA384.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\_brotli.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ctr.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_ghash_portable.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\charset_normalizer\md.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ecb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\psutil\_psutil_windows.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_BLAKE2s.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_chacha20.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_eksblowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_blowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Util\_strxor.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA1.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_ghash_clmul.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\libcrypto-3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_ec_ws.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Protocol\_scrypt.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_des3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_arc2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_aesni.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_MD5.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_Salsa20.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_cast.pyd	Jump to dropped file

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txt			Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI63882\wheel-0.43.0.dist-info\LICENSE.txt			Jump to behavior

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe

Code function: 0_2_00007FF6E2155830 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,

0_2_00007FF6E2155830

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_keccak.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA256.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_curve25519.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_poly1305.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\_wmi.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_ed25519.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_cbc.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\_cffi_backend.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\charset_normalizer\md__mypyc.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ofb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\cryptography\hazmat\bindings\_rust.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_RIPEMD160.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_BLAKE2b.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\python312.dll	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_MD2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_aes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_ARC4.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_curve448.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_ed448.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Util\_cpuid_c.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA224.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA512.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\python3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_des.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_MD4.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\pyexpat.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Math\_modexp.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_pkcs1_decode.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ocb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_cfb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA384.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\_brotli.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ctr.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_ghash_portable.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\charset_normalizer\md.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ecb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\psutil\_psutil_windows.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_BLAKE2s.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_chacha20.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_eksblowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_blowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Util\_strxor.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA1.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_ghash_clmul.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_ec_ws.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_des3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Protocol\_scrypt.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_arc2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_MD5.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_aesni.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_Salsa20.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_cast.pyd	Jump to dropped file

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_0-17287

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe

API coverage: 5.1 %

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E21583C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	0_2_00007FF6E21583C0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E2159280 FindFirstFileExW,FindClose,	0_2_00007FF6E2159280
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E2171874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF6E2171874
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E2159280 FindFirstFileExW,FindClose,	2_2_00007FF6E2159280
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E21583C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	2_2_00007FF6E21583C0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E2171874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	2_2_00007FF6E2171874

Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2070223440.000001F713774000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2164410235.000001E56A846000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2114566288.000001E56A7F2000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130028800.000001E56A801000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2167668397.000001E56A846000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107034964.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2160500937.000001E56A837000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151896115.000001E56A835000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2105396074.000001E56A802000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe

Code function: 0_2_00007FF6E215D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF6E215D12C

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe

Code function: 2_2_00007FF8A8837B30 EntryPoint,LoadLibraryA,GetProcAddress,VirtualProtect,VirtualProtect,VirtualProtect,

2_2_00007FF8A8837B30

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe

Code function: 0_2_00007FF6E2173480 GetProcessHeap,

0_2_00007FF6E2173480

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E215D30C SetUnhandledExceptionFilter,	0_2_00007FF6E215D30C
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E215C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00007FF6E215C8A0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E215D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF6E215D12C
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 0_2_00007FF6E216A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF6E216A614
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E215D30C SetUnhandledExceptionFilter,	2_2_00007FF6E215D30C
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E215C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_00007FF6E215C8A0
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E215D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00007FF6E215D12C
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF6E216A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00007FF6E216A614
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A8143068 IsProcessorFeaturePresent,00007FF8BA2419C0,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,00007FF8BA2419C0,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00007FF8A8143068
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92D2135 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00007FF8A92D2135
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A92D1CBC SetUnhandledExceptionFilter,	2_2_00007FF8A92D1CBC
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Code function: 2_2_00007FF8A934DA5C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_00007FF8A934DA5C

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe

Process created: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe "C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe"

Jump to behavior

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe

Code function: 0_2_00007FF6E2179570 cpuid

0_2_00007FF6E2179570

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Util VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\certifi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\cryptography-43.0.3.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\cryptography-43.0.3.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\cryptography-43.0.3.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\cryptography-43.0.3.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\cryptography-43.0.3.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\cryptography-43.0.3.dist-info\license_files VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\cryptography-43.0.3.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\backports.tarfile-1.2.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\backports.tarfile-1.2.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\backports.tarfile-1.2.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\importlib_metadata-8.0.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\importlib_metadata-8.0.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\importlib_metadata-8.0.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\importlib_metadata-8.0.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\importlib_resources-6.4.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\importlib_resources-6.4.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\inflect-7.3.1.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\inflect-7.3.1.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\inflect-7.3.1.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.collections-5.1.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.collections-5.1.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.collections-5.1.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.context-5.3.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.context-5.3.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.context-5.3.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.context-5.3.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.context-5.3.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.functools-4.0.1.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.functools-4.0.1.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.functools-4.0.1.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.text-3.12.1.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.text-3.12.1.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.text-3.12.1.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\more_itertools-10.3.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\more_itertools-10.3.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\more_itertools-10.3.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\packaging-24.1.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\packaging-24.1.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\packaging-24.1.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\packaging-24.1.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\packaging-24.1.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\packaging-24.1.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\platformdirs-4.2.2.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\platformdirs-4.2.2.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\platformdirs-4.2.2.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\platformdirs-4.2.2.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\tomli-2.0.1.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\tomli-2.0.1.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\tomli-2.0.1.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\typeguard-4.3.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\typeguard-4.3.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\typing_extensions-4.12.2.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\typing_extensions-4.12.2.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\zipp-3.19.2.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\zipp-3.19.2.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\zipp-3.19.2.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\zipp-3.19.2.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\typeguard-4.3.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\typeguard-4.3.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\typeguard-4.3.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\typeguard-4.3.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\wheel-0.43.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\wheel-0.43.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\wheel-0.43.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\_bz2.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\_lzma.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\_hashlib.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\_queue.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\_wmi.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\select.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco\text\Lorem ipsum.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco\text\Lorem ipsum.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe

Code function: 0_2_00007FF6E215D010 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF6E215D010

Source: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe

Code function: 0_2_00007FF6E2175C00 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

0_2_00007FF6E2175C00

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	11 Process Injection	11 Process Injection	OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Native API	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	21 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	21 Obfuscated Files or Information	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Software Packing	NTDS	22 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
tor-browser-windows-x86_64-portable-14.0.2.exe	5%	ReversingLabs

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_ARC4.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_Salsa20.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_chacha20.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_pkcs1_decode.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_aes.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_aesni.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_arc2.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_blowfish.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_cast.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_cbc.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_cfb.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ctr.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_des.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_des3.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ecb.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_eksblowfish.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ocb.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ofb.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_BLAKE2b.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_BLAKE2s.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_MD2.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_MD4.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_MD5.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_RIPEMD160.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA1.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA224.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA256.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA384.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA512.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_ghash_clmul.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_ghash_portable.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_keccak.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_poly1305.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Math\_modexp.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Protocol\_scrypt.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_curve25519.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_curve448.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_ec_ws.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_ed25519.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_ed448.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Util\_cpuid_c.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Util\_strxor.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\VCRUNTIME140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\_asyncio.pyd	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\_brotli.cp312-win_amd64.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\_bz2.pyd	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\_cffi_backend.cp312-win_amd64.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\_ctypes.pyd	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\_decimal.pyd	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\_hashlib.pyd	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\_lzma.pyd	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\_multiprocessing.pyd	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\_overlapped.pyd	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\_queue.pyd	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\_socket.pyd	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\_ssl.pyd	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\_wmi.pyd	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\charset_normalizer\md.cp312-win_amd64.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\charset_normalizer\md__mypyc.cp312-win_amd64.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\cryptography\hazmat\bindings\_rust.pyd	5%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\libcrypto-3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\libffi-8.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\libssl-3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\psutil\_psutil_windows.pyd	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\pyexpat.pyd	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\python3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\python312.dll	5%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\select.pyd	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\autocommand-2.2.2.dist-info\METADATA	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\tomli-2.0.1.dist-info\METADATA	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI63882\unicodedata.pyd	3%	ReversingLabs

Source	Detection	Scanner	Label
http://ocsp.accv.esls	0%	Avira URL Cloud	safe
https://steamcomunty.comfo	0%	Avira URL Cloud	safe
https://api.ipify.orgp	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
steamcomunty.com	104.21.35.75	true	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/pypa/packagingR	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2173168524.000001E56AB20000.00000004.00001000.00020000.00000000.sdmp	false		high
https://steamcomunty.comfo	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174776532.000001E56B370000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/jaraco/keyring/commit/a85a7cbc6c909f8121660ed1f7b487f99a1c2bf7	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084693821.000001F713776000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/giampaolo/psutil/issues/875.	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2175029093.000001E56B590000.00000004.00001000.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.filter_except	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174776532.000001E56B370000.00000004.00001000.00020000.00000000.sdmp	false		high
https://readthedocs.org/projects/jaracofunctools/badge/?version=latest	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2085644461.000001F713776000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ocsp.accv.esls	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152076176.000001E56A84F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2158628343.000001E56A869000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153324985.000001E56A850000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130028800.000001E56A801000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2172791241.000001E56A86B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151896115.000001E56A835000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148970004.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2156887893.000001E56A85F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130331062.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151092176.000001E56A833000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161275510.000001E56A86B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148526607.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150587578.000001E56A80C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.zip_broadcast	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/jaraco/jaraco.text/actions?query=workflow%3A%22tests%22	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2086559680.000001F713776000.00000004.00000020.00020000.00000000.sdmp	false		high
https://docs.python.org/3/library/importlib.html#module-importlib.resources	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2078525874.000001F713776000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171644995.000001E56A514000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2170035952.000001E56A520000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093166951.000001E56A51A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171669708.000001E56A521000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093130528.000001E56A526000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2166624295.000001E56A511000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093279273.000001E56A520000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093254721.000001E56A51B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.random_product	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.groupby_transform	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://importlib-metadata.readthedocs.io/	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2077514468.000001F713776000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.sliding_window	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2114566288.000001E56A7F2000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130028800.000001E56A801000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107034964.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2172839435.000001E56A879000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2105396074.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148970004.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2105173612.000001E56A74D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130331062.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2106010766.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151092176.000001E56A833000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2151506305.000001E56A878000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148526607.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150587578.000001E56A80C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/pypa/packaging	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2173168524.000001E56AB20000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.accv.es/legislacion_c.htmQ	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2147860222.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153154739.000001E56AFD5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152165593.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp	false		high
https://blog.jaraco.com/skeleton	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084693821.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2077514468.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2086559680.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2078525874.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2085644461.000001F713776000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083238326.000001F71377C000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084047965.000001F713776000.00000004.00000020.00020000.00000000.sdmp	false		high
https://tools.ietf.org/html/rfc3610	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161879195.000001E56B840000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162298286.000001E56AE33000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153114034.000001E56B837000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152249008.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149862292.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162109762.000001E56AE2D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148254781.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.all_unique	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.partial_product	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://img.shields.io/pypi/pyversions/inflect.svg	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083238326.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.map_except	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.takewhile_inclusive	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://tidelift.com/subscription/pkg/pypi-jaraco.text?utm_source=pypi-jaraco.text&utm_medium=readme	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2086559680.000001F713776000.00000004.00000020.00020000.00000000.sdmp	false		high
https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093166951.000001E56A51A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093130528.000001E56A526000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171306040.000001E56A160000.00000004.00001000.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.powerset	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.zip_offset	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174922062.000001E56B480000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/jaraco/jaraco.context/actions?query=workflow%3A%22tests%22	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084693821.000001F713776000.00000004.00000020.00020000.00000000.sdmp	false		high
https://pypi.org/project/build/).	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174532215.000001E56B140000.00000004.00001000.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174776532.000001E56B370000.00000004.00001000.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174404351.000001E56B040000.00000004.00001000.00020000.00000000.sdmp	false		high
https://wwww.certigna.fr/autorites/0m	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2157228187.000001E56ACCA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161058354.000001E56ACCD000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149766092.000001E56ACC1000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153907383.000001E56ACC8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.pad_none	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://dev.to/martinheinz/tour-of-python-itertools-4122	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171644995.000001E56A514000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2170035952.000001E56A520000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093166951.000001E56A51A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171669708.000001E56A521000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093130528.000001E56A526000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2166624295.000001E56A511000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093279273.000001E56A520000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093254721.000001E56A51B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/python/cpython/issues/86361.	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2114566288.000001E56A7F2000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2101568663.000001E56A813000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130028800.000001E56A801000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2164410235.000001E56A819000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107034964.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2098749871.000001E56A7FD000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2104574533.000001E56A80A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2105396074.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148970004.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2105173612.000001E56A74D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2103030917.000001E56A811000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2130331062.000001E56A802000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2106010766.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2098411305.000001E56A7DB000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2098528400.000001E56A7C7000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148526607.000001E56A809000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2156852481.000001E56A812000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2099464201.000001E56A815000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150587578.000001E56A80C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://tidelift.com/subscription/pkg/pypi-inflect?utm_source=pypi-inflect&utm_medium=readme	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083238326.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://mail.python.org/pipermail/python-dev/2012-June/120787.html.	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2172694753.000001E56A7EF000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152249008.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149862292.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162226312.000001E56AE25000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149312596.000001E56A7C9000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148254781.000001E56AE24000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2155609929.000001E56A7DB000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2160114525.000001E56A7EE000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153078336.000001E56A7D4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2173644199.000001E56AE28000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153823881.000001E56A7DA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2158988561.000001E56A7ED000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2175029093.000001E56B590000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2070948869.000001F713774000.00000004.00000020.00020000.00000000.sdmp	false		high
https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093166951.000001E56A51A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171527925.000001E56A410000.00000004.00001000.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093130528.000001E56A526000.00000004.00000020.00020000.00000000.sdmp	false		high
https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093166951.000001E56A51A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171527925.000001E56A410000.00000004.00001000.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093130528.000001E56A526000.00000004.00000020.00020000.00000000.sdmp	false		high
https://img.shields.io/pypi/v/inflect.svg	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083238326.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cryptography.io/en/latest/installation/	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2070948869.000001F713774000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.ncycles	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/pypa/setuptools/issues/417#issuecomment-392298401	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2172244793.000001E56A610000.00000004.00001000.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.consume	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://jaracotext.readthedocs.io/en/latest/?badge=latest	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2086559680.000001F713776000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.split_when	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.consumer	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.cert.fnmt.es/dpcs/	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129134474.000001E56AE34000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150126891.000001E56AE8F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2154933151.000001E56B7CA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148185759.000001E56AE8B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2156146494.000001E56B7D1000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161675441.000001E56AE90000.00000004.00000020.00020000.00000000.sdmp	false		high
https://google.com/mail	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2160831903.000001E56AF28000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2170062046.000001E56ADEC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161759995.000001E56AF2D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2114031169.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152249008.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2160279326.000001E56ADEA000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149862292.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148786147.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149539299.000001E56AF23000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129134474.000001E56ADE4000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2163491408.000001E56ADEC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149569427.000001E56AF27000.00000004.00000020.00020000.00000000.sdmp	false		high
https://img.shields.io/pypi/v/importlib_metadata.svg	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2077514468.000001F713776000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.nth_combination_with_replace	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/pyca/cryptography/issues	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2070948869.000001F713774000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.intersperse	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://readthedocs.org/projects/inflect/badge/?version=latest	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083238326.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://html4/loose.dtd	tor-browser-windows-x86_64-portable-14.0.2.exe, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2180285327.00007FF8A82B6000.00000040.00000001.01000000.00000014.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.collapse	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://tools.ietf.org/html/rfc7231#section-4.3.6)	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2105521390.000001E56AD5B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150948403.000001E56A74E000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107421454.000001E56AD4B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2107034964.000001E56A738000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2106193421.000001E56AD4B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2158080452.000001E56A750000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2105173612.000001E56A74D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2106010766.000001E56A74C000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2104990087.000001E56AD4B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2155439540.000001E56A74F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149635986.000001E56A736000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.ipify.orgp	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174922062.000001E56B480000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.one	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://pypi.org/project/jaraco.text	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2086559680.000001F713776000.00000004.00000020.00020000.00000000.sdmp	false		high
https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093166951.000001E56A51A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093130528.000001E56A526000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171306040.000001E56A1DC000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/urllib3/urllib3/issues/2920	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174922062.000001E56B480000.00000004.00001000.00020000.00000000.sdmp	false		high
https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2170035952.000001E56A520000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093166951.000001E56A51A000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171669708.000001E56A521000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093130528.000001E56A526000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2166624295.000001E56A511000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093279273.000001E56A520000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2093254721.000001E56A51B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/jaraco/jaraco.functools/actions?query=workflow%3A%22tests%22	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2085644461.000001F713776000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.countable	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.matmul	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.prepend	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/python/importlib_metadata/actions?query=workflow%3A%22tests%22	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2077514468.000001F713776000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.product_index	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.set_partitions	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.quovadisglobal.com/cps0	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2158411254.000001E56AF7B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AF7B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2149071492.000001E56AF7B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2168852886.000001E56AF7B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162526793.000001E56AF7B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2170527644.000001E56AF7C000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2174223261.000001E56AF82000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.only	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cryptography.io/en/latest/changelog/	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2070948869.000001F713774000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.bucket	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.distinct_permutations	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://mail.python.org/mailman/listinfo/cryptography-dev	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2070948869.000001F713774000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.split_into	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/jaraco/inflect/actions/workflows/main.yml/badge.svg	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2083238326.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.nth_combination	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://readthedocs.org/projects/jaracocontext/badge/?version=latest	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2084693821.000001F713776000.00000004.00000020.00020000.00000000.sdmp	false		high
https://readthedocs.org/projects/more-itertools/badge/?version=latest	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://.jpg	tor-browser-windows-x86_64-portable-14.0.2.exe, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2180285327.00007FF8A82B6000.00000040.00000001.01000000.00000014.sdmp	false		high
https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2173168524.000001E56AB20000.00000004.00001000.00020000.00000000.sdmp	false		high
https://github.com/pypa/setuptools/issues/1024.	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2173168524.000001E56AB20000.00000004.00001000.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.constrained_batches	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.split_after	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://img.shields.io/pypi/pyversions/jaraco.functools.svg	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2085644461.000001F713776000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.repeat_each	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.iter_index	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ocsp.accv.es0	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2147860222.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153154739.000001E56AFD5000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2129611983.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2154238899.000001E56B00D000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2152165593.000001E56AFBC000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.interleave_evenly	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://stackoverflow.com/questions/4457745#4457745.	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2150126891.000001E56AE8F000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2148185759.000001E56AE8B000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2161675441.000001E56AE90000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2162763177.000001E56AE99000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2175029093.000001E56B590000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.quovadisglobal.com/cps	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2169901438.000001E56A724000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2153357373.000001E56A717000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2154971098.000001E56A717000.00000004.00000020.00020000.00000000.sdmp, tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000003.2169693402.000001E56A717000.00000004.00000020.00020000.00000000.sdmp	false		high
https://tidelift.com/badges/package/pypi/jaraco.text	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2086559680.000001F713776000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.ichunked	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.is_sorted	tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2087234578.000001F71377C000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.35.75	steamcomunty.com	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1561393
Start date and time:	2024-11-23 10:31:10 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 32s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	tor-browser-windows-x86_64-portable-14.0.2.exe
Detection:	SUS
Classification:	sus36.winEXE@3/192@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, fe3cr.delivery.mp.microsoft.com
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
VT rate limit hit for: tor-browser-windows-x86_64-portable-14.0.2.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	file.exe	Get hash	malicious	Unknown	Browse	104.21.33.116
	b.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.88.250
	Loader.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.162.84
	loader.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.44.93
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.33.116
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.162.84
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	Unknown	Browse	172.67.162.84
	17323410655ab7b4ebaf9794a98546bfa9f8606c523f625a9e251d1f6b244b39e491609f0a676.dat-decoded.exe	Get hash	malicious	XWorm	Browse	104.20.3.235

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_chacha20.pyd	OBS-Studio-30.2.3-Windows-Installer.exe	Get hash	malicious	Unknown	Browse
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_Salsa20.pyd	OBS-Studio-30.2.3-Windows-Installer.exe	Get hash	malicious	Unknown	Browse
C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_ARC4.pyd	OBS-Studio-30.2.3-Windows-Installer.exe	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_ARC4.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	9728
Entropy (8bit):	6.721315996050753
Encrypted:	false
SSDEEP:	96:d72Y51IktHYsaMiUBskpKf/otjOKZ7kYBbPJBj34lVhXg246ae7sXtpHqrd3ejL3:dz51IkJYevIfKJZ7kYj273QJXpHk
MD5:	2C3D55E57EEA6B6E4A4BE649FD1069F9
SHA1:	C938D6517AC0A3AA9C47B6F301D04C11AF8A6C6E
SHA-256:	744C676D333163AD81D24B266E5133611C584F5A580C5082701D3FD6A8D201FD
SHA-512:	4EAC0018F6F983BB37975EB56E514AE3CDBA8DCF1DC9F955F81731EBA25F2A545A16D9E81F335CDC5EC17F752346B71B5698BB53A0D58CCAB93F3D191E225D26
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: OBS-Studio-30.2.3-Windows-Installer.exe, Detection: malicious, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r^J.6?$.6?$.6?$.?G..2?$.dJ%.4?$.}G%.5?$.6?%..?$.dJ!.<?$.dJ .>?$.dJ'.5?$..J,.7?$..J$.7?$..J..7?$..J&.7?$.Rich6?$.........................PE..d...Y..f.........." ..... .......p........................................................`.........................................L..........\............@.........................................................8...........................................UPX0.....p..............................UPX1..... ..........................@....rsrc................"..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_Salsa20.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10752
Entropy (8bit):	7.041585504283436
Encrypted:	false
SSDEEP:	192:tLbomJb7eLg42ufSAky4s3YeQ807tu/kbBkYj273QJXbnV/9K:BtqICvor/bBZa7gJXxl
MD5:	BB7724B47B6C1F3B0CFB0AB6848A9FC8
SHA1:	5A39391C4FA51ECE3E53ECC415E47C918FF970CF
SHA-256:	6CAB5277B070D1F420E90CCB80F97EA558BCE8EFF43768A6C0B818EF0E778501
SHA-512:	55AC24A7581BD80DBA7D86D04B90A42B54DBFAB51D1C2476811F247515FC410A4DA4775305711C576636B677B503F2F94C96469DF94647F5217832E7934DD5F0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: OBS-Studio-30.2.3-Windows-Installer.exe, Detection: malicious, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.:...:...:...3.j.>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...........................PE..d...Z..f.........." .....0.......p........................................................`.........................................L..........\............P..L.......................................................8...........................................UPX0.....p..............................UPX1.....0......."..................@....rsrc................&..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_chacha20.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10752
Entropy (8bit):	7.039259241149234
Encrypted:	false
SSDEEP:	192:hCbomJb7MQtHa66PQrMd4E+KkYj273QJXhnFvk7G9lk:Et46a6yGKZa7gJXvs7G9
MD5:	E6D25BE0BCC8093F9E79D9042B7B427F
SHA1:	6F0D62061A017A71DB7CA64F2F23BC0C659B3C9C
SHA-256:	CE9B0D915101455F3D1D15B0E28F23AF69EBD34F050D43DA8F7C2CEABFD92C76
SHA-512:	0E55928F51187A590A318FBBBB699E8FB4BE364188177A397800E952A87D6817BD4393BF06A7E2CB8F991DD1004C675AE4738B74E8ED4FE594F82BDFD09E52C1
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: OBS-Studio-30.2.3-Windows-Installer.exe, Detection: malicious, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.:...:...:...3.j.>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...........................PE..d...Z..f.........." .....0.......p..p.....................................................`.........................................L..........\............P..d...................................................p...8...........................................UPX0.....p..............................UPX1.....0......."..................@....rsrc................&..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_pkcs1_decode.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10752
Entropy (8bit):	7.0019849554229
Encrypted:	false
SSDEEP:	192:rKC1XDqrH2n4sOK4niou4uiCQxU4kYj273QJXQnII:rTqrymK45oipxU4Za7gJX/
MD5:	FD2D370103167D927EEBA5FF9573430D
SHA1:	420215D7D9F474797402987431A487AC40EC6F8A
SHA-256:	FED9DE86E007141EC486E420059E3D841752EA0C7D452056735D11E7C4B16700
SHA-512:	1894324A905D40C11AF3285F043CC655BC4CDBFE8F62BB8234199910748FD2DE10AD75369259CDFCE9521D11AF585C009D2B046ED22D778EAB04092EE513C8DD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r^:.6?T.6?T.6?T.?G..2?T.dJU.4?T.}GU.5?T.6?U..?T.dJQ.<?T.dJP.>?T.dJW.5?T..J\.7?T..JT.7?T..J..7?T..JV.7?T.Rich6?T.........................PE..d...X..f.........." .....0.......p..P.....................................................`.........................................L..........\............P..(..................................................P...8...........................................UPX0.....p..............................UPX1.....0......."..................@....rsrc................&..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_aes.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	17920
Entropy (8bit):	7.44538276790286
Encrypted:	false
SSDEEP:	192:dSfcMEwreSc6PXpaxRH1c9+z0QBuR1C+u/s6ficwcHuANwM5mqzukYj273QJXxwK:QfNEwreK8tSUDubR9UHuo5qZa7gJXKK
MD5:	7FCE96038B14661B6FACBE02D714C219
SHA1:	388809935844936CB874F21630A44A6DC2C23FB8
SHA-256:	8E2CEF1B7744A3AFAA06E300E6332EDAE9EB8641A6E37687A3A96A1F15C7E1A5
SHA-512:	0536CD949E25E733A042D23B731B1FB3E80DC1FB42CDCD9EEFEC8109CB8B7190D574A0D93EE654215E7EBE11ABC6ABE42139BD1C93A2F4F628BF2FAA4715AA8D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r^J.6?$.6?$.6?$.?G..2?$.dJ%.4?$.}G%.5?$.6?%..?$.dJ!.<?$.dJ .>?$.dJ'.5?$..J,.7?$..J$.7?$..J..7?$..J&.7?$.Rich6?$.........................PE..d...V..f.........." .....@..........P........................................ ............`.........................................L...........\...................................................................P...8...........................................UPX0....................................UPX1.....@.......>..................@....rsrc................B..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_aesni.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	7.10750060735988
Encrypted:	false
SSDEEP:	192:qA1KyAngDiTMsaxwpQSkKtqH59DzIre69y6ESPIFF2GWTkYj273QJXlEnPVW:MyA8Enayu6oZzIz9y6EI2FhWTZa7gJX6
MD5:	75DEE2AE97414A67497CB13A7E4CB455
SHA1:	1EBE78A17602BF598469C6A31D0F8F325D9049F0
SHA-256:	29B61F0670BA8AF9FF037CAF76196F823CA6C27D7B2DF1BFF80DFF9E8B30AC5E
SHA-512:	B6A113A738148CD2F3B10F5184A7AD8ABBBD54E5A125F86C92AB9FFBC45180D579EF5DCEF1B405602BA23DA4EA5F5BADB650FB7E6BDF64DC898ED5FD8CF18AA0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.:...:...:...3.z.>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...........................PE..d...V..f.........." .....0.......p........................................................`.........................................L..........\............P.........................................................8...........................................UPX0.....p..............................UPX1.....0.......$..................@....rsrc................(..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_arc2.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	7.098444004640404
Encrypted:	false
SSDEEP:	192:lHRdBLsPZK1vko/1NzFXHDLAN4RzV/uKOJukYj273QJXWH5A:lHxsivPTzF3DLNPu/JuZa7gJX0A
MD5:	DD09C764BC8FCDDF8F8FA092EADB070D
SHA1:	0ACDB5D9325E1EEF56ED4D6F75F121F1019DE49F
SHA-256:	F0333175C8B5AAA48D0C68ED1030A1F1F49209F77407850F90D3526B4BDDE662
SHA-512:	AC0CBF58DBD4636152B0D27D4E72060EFDE24A1FC23648108DFE21C27E41EB1374A45D411B3AC91A428BC0775EC66357DB03BDF73C85C1800AB827E56F4B0D23
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...W..f.........." .....0...............................................................`.........................................L...........\............`.........................................................8...........................................UPX0....................................UPX1.....0.......(..................@....rsrc................,..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_blowfish.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	15360
Entropy (8bit):	7.366658234710816
Encrypted:	false
SSDEEP:	192:JcwvnyaqcefIn88uRQ/dIVrrnFqrFCJZZoXfXTkYj273QJXtnbR:JzfvuRKIdi6ZZo/TZa7gJXlR
MD5:	50FB3B6DFC6A1B6DE592B659A9C28919
SHA1:	BEABF5C7F1F70E852FDCEAF3355EDDB84CB7E3F6
SHA-256:	BE0FB3C7C36C10F62B163979682FBE8215411C97D4E6AB76A33032B687660341
SHA-512:	D9795DD1B0AAFADA0C6D0F573B193AAAB5BCCC052A66ED49C26AF112F6A7D58D95E8D8AB79172D055249CC1825E5BBDA8D459F9783FC15A140D60D7E251F1E2C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...W..f.........." .....@................................................................`.........................................L...........\............p..........................................................8...........................................UPX0....................................UPX1.....@.......4..................@....rsrc................8..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_cast.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	7.555212764163484
Encrypted:	false
SSDEEP:	384:Q9OoXmDJJfsg/XTsJaMEgotWVKOVBVvHQ5X5y35Za7gJX0p:zoXqnVXTs/r95VBVf+XUpkp
MD5:	573233E4FBF0FA3DB814355658D02152
SHA1:	D9AA00FAD89D13D33BDCBF0064EF539F74F901ED
SHA-256:	744A5A729D6D5D59E255F01E8132E255D9526D30880DF953F7C10F88F88484B4
SHA-512:	1046716B1E78AA162FA51E8E6C498E63DF08BC63A226B5D87CB5B0F8116114277723FAD8BE8A3C1D1FD91EF6F09A112E00DB1FAEB7E108D51DA31256810CD315
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.:...:...:...3.j.>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...........................PE..d...W..f.........." .....P................................................................`.........................................L...........\.......................................................................8...........................................UPX0....................................UPX1.....P.......H..................@....rsrc................L..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_cbc.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	6.764641078478404
Encrypted:	false
SSDEEP:	192:frOwIMFi0ZIPRKLZm2HIKI7FAqjkYj273QJX93qz:frKMFiFKLZzHILPjZa7gJXA
MD5:	0AC9D452043A7FEBF5E6E6475AECE8E3
SHA1:	3854D5B4D9C17F22D4D079E15E25FC6B67E5D007
SHA-256:	E0E499CDC6AA3DA978EF259185874773BFE5D57DE62B65FC6BD1025291A50012
SHA-512:	C2580353FACD614773BD220C2BAADC77E614C41905EC785E1ED0BCE6B06146EC45A09CACFFA05E6187E184F642186DA64A93B195329455E94157ECE34ED68C0C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...X..f.........." ..... .......p..@.....................................................`.........................................L..........\............P..X...................................................@...8...........................................UPX0.....p..............................UPX1..... ....... ..................@....rsrc................$..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_cfb.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10752
Entropy (8bit):	6.915975887591388
Encrypted:	false
SSDEEP:	192:kSoS3cBJuphELbARkRzWJ9v07xyhAEkgDkYj273QJXXnYvo:5i/ACRzcvW2AENDZa7gJXA
MD5:	2C7FAEEC165C5485951EEACF21A2BF94
SHA1:	118FC5036890C59C78F5A96519B20EE723A07E97
SHA-256:	3A5AB5C020DA800C8EA4E7D75C27C83C42B449B33993728B22E308AC2779FAA6
SHA-512:	2ACF66AD52295EA62B80018EDCB4997187A992BBF01CDC5D54D4796C2289A2C967D00861BB0BD903DE714808F1BF44EE65B39078AB89C673F8A73FD84F82AB3C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r^..6?..6?..6?..?G..2?..dJ..4?..}G..5?..6?...?..dJ..<?..dJ..>?..dJ..5?...J..7?...J..7?...Jk.7?...J..7?..Rich6?..................PE..d...Y..f.........." .....0.......p........................................................`.........................................L..........\............P..d.......................................................8...........................................UPX0.....p..............................UPX1.....0......."..................@....rsrc................&..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ctr.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	6.90005278335116
Encrypted:	false
SSDEEP:	192:vFKPs19OtUVkzxt8b3jKdr7LxHZkYj273QJX1nGf:vAo9OtPGbGd3VHZZa7gJXU
MD5:	BCE5672E2D78D26EF52073FFA956F2EE
SHA1:	1FA18E661C39A55B4AA4C08C52A53F9259EB91D3
SHA-256:	DAC8E5B99A57F689C1BD5A24C5C58CB99569EEA0C5B9BC16856B3B59D98A6732
SHA-512:	D66AB52AB067443097CC386E4F9D9A056DA391766E70E7C6BD50EC9161B652E5B10669CA7BEFB0C32C78CD3F79B1B12FEEFECE264CBCC95A53DDFFD09276E330
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r^z.6?..6?..6?..?G..2?..dJ..4?..}G..5?..6?...?..dJ..<?..dJ..>?..dJ..5?...J..7?...J..7?...J..7?...J..7?..Rich6?..........................PE..d...Y..f.........." .....0.......p.. .....................................................`.........................................L..........\............P...................................................... ...8...........................................UPX0.....p..............................UPX1.....0.......$..................@....rsrc................(..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_des.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	17408
Entropy (8bit):	7.452747043036153
Encrypted:	false
SSDEEP:	384:PXqmPF0yHaseAZ2OC4uCDeR0IjhP0G2yZa7gJXQ:PXPajsw41Gjj20pg
MD5:	00FC3F2144FF56678607748101C7F1E2
SHA1:	1301656C0E8446CFF423FA557A7078FF304C31B5
SHA-256:	F0B4E1207867CBD686F9233D69011DD007CF3C939715E46C4D3A600AD506A3C0
SHA-512:	D12C65473957CAEC8890CEA77CF3F2B8E9D7768418A3A3218B65B1DFBECD9EA12124E1062E5500112EE323F1200AC41A0E9B9DF3451F7AE40C8BA91372956D67
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........PK..1%..1%..1%..I...1%.D$..1%.I$..1%..1$..1%.D ..1%.D!..1%.D&..1%..D-..1%..D%..1%..D...1%..D'..1%.Rich.1%.........................PE..d...X..f.........." .....@...........M... ...................................p............`.........................................Lb.......`..\....`..........l............b.......................................Y..8...........................................UPX0....................................UPX1.....@... ...<..................@....rsrc........`.......@..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_des3.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	17408
Entropy (8bit):	7.527632457434857
Encrypted:	false
SSDEEP:	384:rXqvtGBvrj1exl5PSYSI5SFDzgN4LZa7gJXn:ry0BTMgYFAFD8CpX
MD5:	068E483215972613E4EBD09E98D946A2
SHA1:	8D9AAA7407C997B6C7AEC847DF2DE08B1FE0056A
SHA-256:	A6986EE5D6C5EB6B564175DF0D6D47CD18E642C7F5AF9C93EBF5B4E4F98991D1
SHA-512:	4EEAEA8A75F92850F70A4051FC0387EED65BAA8BC4AB0488CA54B70338FC6D0DA3DFE42028BDD3657C03C01AAD256C6A86D88109F945C8BBAC768752CD0C2D9E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........PK..1%..1%..1%..I...1%.D$..1%.I$..1%..1$..1%.D ..1%.D!..1%.D&..1%..D-..1%..D%..1%..D...1%..D'..1%.Rich.1%.........................PE..d...X..f.........." .....@...........N... ...................................p............`.........................................Lb.......`..\....`.......................b.......................................Z..8...........................................UPX0....................................UPX1.....@... ...<..................@....rsrc........`.......@..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ecb.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	9216
Entropy (8bit):	6.747246956175954
Encrypted:	false
SSDEEP:	192:w51jwkl3nSW/ZHd8M/Y6tkYj273QJXpHz:w5CkwWtSMA6tZa7gJXZ
MD5:	70D8E6DD3124AB7FE5D7F23F0A0E774A
SHA1:	6AF7FC8D3867F4A3BFF72A7D4346B2D4AB3FD9E9
SHA-256:	8A98084750A04005AD051C234CF0E1C42219FE04B4DCAF0F83D9B475170BDD4F
SHA-512:	8C5B3E4C5875AB6BA436455D11D6BEB75113661AEECBFEB94F4AFDDA5B2BCF7FF87C3C91A0B75CEFAC65F1262848221225EBF36753A271DDB0418353D5F8E798
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........@................../....../...../......+.......*......-......&....................,....Rich...........................PE..d...X..f.........." ..... .......p........................................................`.................................................................@..........................................................8...........................................UPX0.....p..............................UPX1..... ..........................@....rsrc................ ..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_eksblowfish.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	15872
Entropy (8bit):	7.38810398376641
Encrypted:	false
SSDEEP:	384:6zW51OWrPlPXRWkplBxnEgTa+Za7gJXaf:6zW51O4lPBJpTLTLpq
MD5:	EFB8BED8E7491FC9883D48ADC5D76BBF
SHA1:	25812983173F9DCC0433CF4D6491D031A8F79C61
SHA-256:	17E8532C25E805F54E262CF9FF6ED319F47CE14F4CBEA8A2EA73D754A93EA048
SHA-512:	CC550C2991543390E10CEB9BA0C336B9826443D0D4E9FFE9E70D58D83BE974F63C673B7A9F7AB0E880A85DD9F728B50FBBB5FBA80F10567A926C93F30552FC41
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...W..f.........." .....@...............................................................`.........................................L...........\............p..........................................................8...........................................UPX0....................................UPX1.....@.......6..................@....rsrc................:..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ocb.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11776
Entropy (8bit):	6.95443292187247
Encrypted:	false
SSDEEP:	192:c3LNqWu7xr5InY8MmVO+AHO4dgOSeWNkYj273QJXRHPnX:6vuZ/3xHO4dxSeIZa7gJX1X
MD5:	EEFBC381AE6016973E31C217B6D758B0
SHA1:	B165774E0769313E8A6D45A1902E45E132922216
SHA-256:	184059ED9AD6799279F0817A4D648FF1CDA38C81257E87FFCE2751FF678758E9
SHA-512:	7274E22ED75C5B5F9D1D8598C3798337F7EF2E59E33781CA9F1CD2082CF0049B1CF0913E8F7CEB1171CD2E126A6485C465C895F13293A5ABD0AE83D1AB9AB071
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h..9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...Y..f.........." .....0...............................................................`.........................................L...........\............`..............H..........................................8...........................................UPX0....................................UPX1.....0.......&..................@....rsrc..............................@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ofb.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	6.708259135829596
Encrypted:	false
SSDEEP:	192:8rOwIMFi0ZIPRK4EtpwEHW8hVkYj273QJXD3pT:8rKMFiFK4KL28hVZa7gJXV
MD5:	0A79C221757B55CAE16EA338D7654471
SHA1:	FB92B8A30F8FF8660E9C27856D3E8807BBE7CB12
SHA-256:	9B863433A00515B060B379AB481D2DEE787A491E1EE29AF959DAE525002613DC
SHA-512:	43325FF05B33389966AEB9A1B426442BFB4452A3DEC239D0B22EF063F92445893B7B822C69ED10B95C0D0F72E47632F1AB3884BE16604BD767AB735B469F4D85
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...Y..f.........." ..... .......p........................................................`.........................................L..........\............P..X.......................................................8...........................................UPX0.....p..............................UPX1..... ....... ..................@....rsrc................$..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_BLAKE2b.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	7.069717543323313
Encrypted:	false
SSDEEP:	192:MTrOwIMFi0ZI2ZdnYIvCVCZK+vkYj273QJX1nre30:irKMFiKZdnScZ5vZa7gJXdO
MD5:	5D0106B0D1DA6C2DEDC8455A0BB993EB
SHA1:	D5E85DD532390138AF68A445F42AE92F9DA4ED0B
SHA-256:	DAAEDCA16C357615439A9A2AE53A1DAD3D5A700DC5F92633337F0D9046F7D388
SHA-512:	7698D7D9F98DD332732065C1FD2FDC1A8EEB6840B62A2DE21BD429C5F6FBEDB9E2F8F825D1876A24695A5211B20D77AE0299A045DCD43BD50E25561FADC54DCA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...U..f.........." .....0.......p..0.....................................................`.........................................L..........\............P..@...................................................0...8...........................................UPX0.....p..............................UPX1.....0.......$..................@....rsrc................(..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_BLAKE2s.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	6.999291282196889
Encrypted:	false
SSDEEP:	192:xfrrOwIMFi0ZI2b8JcuFqNF4m2nlQXku17YhkYj273QJXbnKu3p:FrKMFiKgJcuUNFEeP17YhZa7gJX2+
MD5:	E51F40B42EE430C908229A31FA2EF83A
SHA1:	C6476C71BA2561E0230AC34E7257A61A86653279
SHA-256:	3F882CA1088017E3EDDE8CE31C3F9A1B09016FFDC2BBDA2674DB7CCA7D3F5196
SHA-512:	BB4708F1A241ACAD22F6055CD8CD88201D284FFE04CA5A5D2525BD7186A646932E0CFBC464870F3ED0A5E6966D6FA02FD0183C57446BDCF1DBE550DD12052483
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...U..f.........." .....0.......p........................................................`.........................................L..........\............P..@.......................................................8...........................................UPX0.....p..............................UPX1.....0.......$..................@....rsrc................(..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_MD2.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10752
Entropy (8bit):	6.904240110386442
Encrypted:	false
SSDEEP:	192:Uk1XDqrH2n4sLKhXRJRzkQMz0jofSYX6NkYj273QJXinoY/R:jqryjyXRLAQE08fQNZa7gJXl8R
MD5:	FF4B2138EEB9357ADB7BE377D1DDDDE0
SHA1:	721CE94693E5AC7982E9A516D9E1652E3F2E10B4
SHA-256:	55B6A3024FA7262E7033F9037D2BA87523F9CA4A52E35C37868F6DEB63B29128
SHA-512:	5A413D890350DA7D61A5466818FC72EC5DBFAEBF4F8E85C244E30D5DB9C40AF4E81C9930127A456BFE06D0B3474F2F871FAEE5F1AA6DECC713700E55E8E5FB49
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...Q..f.........." .....0.......p........................................................`.........................................L..........\............P..(...............$.......................................8...........................................UPX0.....p..............................UPX1.....0......."..................@....rsrc................&..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_MD4.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10752
Entropy (8bit):	6.98436566972705
Encrypted:	false
SSDEEP:	192:ipgm23TF55OsDTBHeLMU+0w+Ei0J/Tta+UdmtkYj273QJXbnBokQ:7zUsDTt0y+iFUdmtZa7gJX9HQ
MD5:	A17DE280D44190CD014E09343E54CCD6
SHA1:	0EB4E624E5F1F3BF966213A63FFFD9D015E2B228
SHA-256:	7FB778BF2344533D82320DD1D705672B5FCF38B349B87F47C92FF70CB067F800
SHA-512:	AEEC47E9C85ACC88F1C3EE21D64059ED460ABB10A070561E764994B6A0C1644B14BAB67BCF9874B55A93468B5C9DC23AF7EEAF66FF2F05989FA7D9E4097FB28B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...R..f.........." .....0.......p..0.....................................................`.........................................L..........\............P..(...................................................0...8...........................................UPX0.....p..............................UPX1.....0......."..................@....rsrc................&..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_MD5.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	7.099770958825901
Encrypted:	false
SSDEEP:	192:Ji1clPrWUqC02ilACSK7TzeWT1ekG4HDQr+Hh2i58gD9uzAOSkYj273QJXZnWa:4ClPrr02SNPSmJG4rMimZSZa7gJXA
MD5:	E6A7F81A9AA0B29A3476A1CFAF0DDBAC
SHA1:	348CCE3FF894B22023B5BBCEDA64336FDC8FAFE4
SHA-256:	0D823DCEE7ED77F047DAFCFF08137834A1300C646563E7AFB7E187085E19B6E0
SHA-512:	6F1BA4F4BC9229A093C4F7D5EB166C96D0BA16ACD232A2580AE502A847CE73745862EEB68F52F19613F26383A667B381B9F838B94FC39C2507A9BDAD310047F1
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...R..f.........." .....0.......p........................................................`.........................................L..........\............P..X.......................................................8...........................................UPX0.....p..............................UPX1.....0.......(..................@....rsrc................,..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_RIPEMD160.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10752
Entropy (8bit):	7.0861687844835055
Encrypted:	false
SSDEEP:	192:qLrOwIMFi0ZI+5/f8WjXICC4eGi//I4+qkYj273QJXhnt/u:ArKMFiqhfFXIRhDg4+qZa7gJXX2
MD5:	5BB80A4F1F593F61DCC3471419A1BE7D
SHA1:	9C93659825014E5D873AFAD998CC66F470BE2825
SHA-256:	4E41B0EA25652226B9CDB427362EF2A8EDB65DF4E86D9EF53D81E2BA2AB82203
SHA-512:	0629033A9EBEBB06656CFB942C0CFE70FAFF2794206CE0967E32F1515118E6449EF12FD3521BB4DBB093D1F5A9EFC88B1DD32421D5454BDAB859813F8F90F2F3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...U..f.........." .....0.......p........................................................`.........................................L..........\............P..............$...........................................8...........................................UPX0.....p..............................UPX1.....0......."..................@....rsrc................&..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA1.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	13312
Entropy (8bit):	7.2165235597105335
Encrypted:	false
SSDEEP:	192:x3LNqWu7xr5e0B08ZKY34+170LmTIHeIQUAHp2TkYj273QJXLH68:5vuJRZr/1SSIHSvpaZa7gJX2
MD5:	049F934A7D2BC5AFFEF87A89DF5CC205
SHA1:	86494A43BBA527B8E4B4926699B74309BDE9F6CE
SHA-256:	158875B358E0475A9985104034A9CE62F6F3A7ED191D823B6B70F3E8479EBBCC
SHA-512:	12CED430F0FC05D8D70E0EB102EB1E06A8428FE5D84A2CCD3606EA52F1F5B29E55ADBCD1DBC62811DEEA581C44800E717BBED1D7B12B474F0374FB6734050C3C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...R..f.........." .....0...............................................................`.........................................L...........\............`..X...........$..........................................8...........................................UPX0....................................UPX1.....0.......,..................@....rsrc................0..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA224.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14848
Entropy (8bit):	7.257869356658698
Encrypted:	false
SSDEEP:	384:T5bL5JdKCy6Lqo3CxYzoA+sm/NdNgtZa7gJXb:TNd86LfCyzoA3mljipL
MD5:	A9BC3A0C9E1836F85948B7A7C2741E09
SHA1:	A59EDD974D238CCD23A915C6803E5CA2AE59C480
SHA-256:	15CC1E598827A614268996561B32476AF9654CAEF9C4A0AA5E9299A9D72C62E6
SHA-512:	B2A65FD3AB617ABE7A03C0E3A6E9FCAA957F83FAB92C1DB73574B7D05E6A0DBF0D13B949A70D818645C14A3D651E4F889032E95250976E8BE0F53340EE162589
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...S..f.........." .....@...............................................................`.........................................L...........\............p..............4... ......................................8...........................................UPX0....................................UPX1.....@.......2..................@....rsrc................6..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA256.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14848
Entropy (8bit):	7.257827310821981
Encrypted:	false
SSDEEP:	384:o5bL5JdKCy6L/58g+eYXELL43mi12j9+t4wZa7gJXb:oNd86L/yNjULLK1qo5pL
MD5:	75449B954EF15E958A881CE1A58DC089
SHA1:	689B4FF7695A9F8389D8C8B768B11E82DA9FA3BE
SHA-256:	5B6C42636E89EB321469B51D3468DE51E9B27A3935EB90183CE842036DF68DC5
SHA-512:	A8D5E58965E4F52ADAC1750AEBC0FF3C31834B71EDC4C05850B7173C988E0979B09CB2BAC2CFB7599210AFF3C5B5D17DE84E18E91335BC9C7B74CE2DA1E4D8B2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...S..f.........." .....@...............................................................`.........................................L...........\............p..............4... ......................................8...........................................UPX0....................................UPX1.....@.......2..................@....rsrc................6..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA384.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	15360
Entropy (8bit):	7.335277481327763
Encrypted:	false
SSDEEP:	384:YaQeWO7PzpfLJigFDR0h7UiBKgI0tDZa7gJXd:xWCPlfVh3y7DBS0Vpt
MD5:	FD30BE87A7F051B7CEDAD875A4686D8A
SHA1:	640AD84B3B00FC7224D8E3E32C93095D12F81807
SHA-256:	1257363D570AE540D8654AD5EEF530C3C05A66B1BC4CA58DC4A9845372548BBD
SHA-512:	86E31076F0DD0AC91FFD5C4BE8AAB5C6274CD1C73CA9C6FC4B9F219F4B584B1B826B9A69CC35ACE0A5D44DAFF1802F6C8D9EE2B82EF580A88BCEF306300F07B7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...T..f.........." .....@..........p.....................................................`.........................................L...........\...........................4.......................................p...8...........................................UPX0....................................UPX1.....@.......4..................@....rsrc................8..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA512.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	15360
Entropy (8bit):	7.41112514918361
Encrypted:	false
SSDEEP:	384:NeaQeWdfOexy9B3MC0uklIrDOxPvZa7gJXQ:NfWg2yjF0GDOxXpg
MD5:	12B66552F73FE03F30F546BEE57D7279
SHA1:	D0436DFA5EC295BD47DB08D023C4AD4230EFB6B5
SHA-256:	810079E59D51AA980C5AD5942E0881CBA44BF40026CCBA58964FC647C5054A90
SHA-512:	DB7F548194B677AD0F3A5405D89A21AB2D4BC7772DD9A9048B5015DEBB6A6994B9276A9D8E26483E9610C05874DDCDD3953AD0C8E305E31BDD8804463DD4C5F4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...T..f.........." .....@..........@.....................................................`.........................................L...........\...........................4.......................................@...8...........................................UPX0....................................UPX1.....@.......4..................@....rsrc................8..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_ghash_clmul.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	6.965304617922568
Encrypted:	false
SSDEEP:	192:dGK1CChUEjQPmO8MkWRlRJ/UB6FRsIHkYj273QJXu3bpt:UJVFlUB6jsIHZa7gJX2
MD5:	2BF5B7572D7783B266EAF86C749AC484
SHA1:	FA2BCEE7C10F6434059B79F5B6AB0EBA5D4A591E
SHA-256:	842C28C8687A642BC5C6DD502D730E40E0D71401BCEF5F5809279142241C550D
SHA-512:	DAF1DDCE4612B72181DB48399A4BBAF70B8E28F50E6992D3887AEEA7EEBC752985F56627A3DD8772B3AA1B4ABF6A48B4BAA01788DCE5187B3FFE36D19C3E3D72
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r^J.6?$.6?$.6?$.?G..2?$.dJ%.4?$.}G%.5?$.6?%..?$.dJ!.<?$.dJ .>?$.dJ'.5?$..J,.7?$..J$.7?$..J..7?$..J&.7?$.Rich6?$.........................PE..d...V..f.........." ..... .......p........................................................`.........................................T..........d............P..........................................................8...........................................UPX0.....p..............................UPX1..... ....... ..................@....rsrc................$..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_ghash_portable.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10752
Entropy (8bit):	6.847627164690376
Encrypted:	false
SSDEEP:	192:QN1CChUEjQPmO8HCD/yQEVJLflLfB1fiorkYj273QJX8nEJ:3J6A9IJLdfB1fFrZa7gJX3
MD5:	10056DFC8DDD44CC06150F093245C160
SHA1:	232E225E4559DBC8A230A7FE193138F1993AC54B
SHA-256:	D542395F976F9436E5E892D753B4CE5D8D46B98E313DA26519B26757FA24670D
SHA-512:	27DD1780B449DA6CF205689691F70775E36705C37425B3F0DF8876EEEFB04830E41D4BE830AD6FE9A9D9783C1364EC4AA63D2E1E198DCEF17987FB33ABA74147
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.:...:...:...3.j.>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...........................PE..d...V..f.........." .....0.......p..0.....................................................`.........................................L..........\............P..X...............$...................................0...8...........................................UPX0.....p..............................UPX1.....0......."..................@....rsrc................&..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_keccak.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	7.019759823328802
Encrypted:	false
SSDEEP:	192:pp1oHdD3VpsdrqkCphVavitay5xyvCBfd9Gkm6orkYj273QJX0nJ7:s3fKTCxavinyaZeAorZa7gJXG
MD5:	60625A54C5510D87FB2FC55A33274CF9
SHA1:	F98EC281990429FA62D8E24E8E337368930DAAE4
SHA-256:	C42B8ACE5CDE98F141301C671E4255E3F132A400396C5E6441F2A95B1E079549
SHA-512:	90587C3F669092D5B86CC9F62D00510ACB2E10EC8B0F0AB26960E03C02E86C26360C5A101B4AC924521DC8E55323DC8A2B664AE535A8C259BAECEC306CD3087D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...U..f.........." .....0.......p.......................................................`.........................................L..........\............P..X...........@..........................................8...........................................UPX0.....p..............................UPX1.....0.......(..................@....rsrc................,..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_poly1305.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11776
Entropy (8bit):	7.0330491725625
Encrypted:	false
SSDEEP:	192:Q6W17kMnWzpM3mXoEdh29xFeOSegeNkYj273QJXtnME:QwMWzpMWXoEbFOSegeNZa7gJXu
MD5:	121238CA4832015A2429DD6F3512F833
SHA1:	1DC658E4EEC0A731FBEEAE99C64DEF6FAEB85F69
SHA-256:	0EC29593189A9321AEA9236CC88A8C9B58B3440E8BE9D7EFD65C85BB7E5C6E4E
SHA-512:	26BBBA278FE74DEA8F39F5A41E810783AD18BEFE8579DE552EABECADCE7E3827BFC2D034EE872BF801F9A54BAAF959E9AFB379EB53A4EB1054363D2CCA260AD8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h..9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...V..f.........." .....0.......p........................................................`.........................................L..........\............P..\|.......................................................8...........................................UPX0.....p..............................UPX1.....0.......&..................@....rsrc..............................@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Math\_modexp.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	7.582234195865062
Encrypted:	false
SSDEEP:	384:SVPYY2Eqk95s92Jd5yYA2ocvSmO8wapXyxIgTeS488QKvZa7gJXx:ewY2pk9dHKWvSlDQcI1xph
MD5:	93A2FC7C8EB10030EB45B118548B53D5
SHA1:	19054EBE282F106CBA676742FF42EFC79DE59837
SHA-256:	6E8E5FAA9B7AE63E07693B41799F749093A02E518EBD86DFD688AE734E98C671
SHA-512:	DD235FE97EE9A0C4B2FDEBA5F632129865DB3DB86259C02F9D9728511330BECCCF8BE7B1E9B179B729DA2CB4A94C9A68906EEC94FCE81201AE170494BEA76C7A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:..P~...~...~...w.3.x...,...\|...5...}...~...U...,...u...,...v...,...}.......\|............._.............Rich~...................PE..d...^..f.........." .....P.......... .....................................................`.........................................L...\|.......\...............<................................................... ...8...........................................UPX0....................................UPX1.....P.......H..................@....rsrc................L..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Protocol\_scrypt.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	6.7816437661656
Encrypted:	false
SSDEEP:	192:rg1QdqOkpEh83hgAXfW2OAAh6wkYj273QJX43Oyb:rbqO+Eh8xgAX+2OZ6wZa7gJXV
MD5:	1AC3E0138FF30096F0937F938C902FF7
SHA1:	E4F49AF5429FF9A15DD389F984DEDFE43AA7912F
SHA-256:	656A6E38AA91EFB8CBA4308551CBE1647A9F76389BAA1B6EF8103633FB3603A1
SHA-512:	90B61A6665A88059518889B9439675691D506C88A3A164A5A1B42B765F1C5DECFE64D078E7F969FCFF4746E2B3FDA496FF1C256E6C760A96227726219EC28A53
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r^:.6?T.6?T.6?T.?G..2?T.dJU.4?T.}GU.5?T.6?U..?T.dJQ.<?T.dJP.>?T.dJW.5?T..J\.7?T..JT.7?T..J..7?T..JV.7?T.Rich6?T.........................PE..d...Z..f.........." ..... .......p........................................................`.........................................L...d......\............P..4.......................................................8...........................................UPX0.....p..............................UPX1..... ....... ..................@....rsrc................$..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_curve25519.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14336
Entropy (8bit):	7.264664149380351
Encrypted:	false
SSDEEP:	192:0NdFl9xgCYsB43vddIU5PU7XBtKZI0TWTMxpfEVt5jhjBDfuZDkYj273QJXO3R2A:0NdQPj3vdJ87fWT3xy19baDZa7gJXA2
MD5:	F6F90127990AA8094A5EE8B64BF5A25F
SHA1:	F881DFD0794531A2F23D08D6B4183F32D112FF63
SHA-256:	DFAECD1EE60BF8785BE9A3264602E0A0BB28D5DDF983E7705EEC22F79A07794A
SHA-512:	324DB41B16C6EBC96FF50F1448BCEF5172E55D105F54DF28AF16CF61352151A792DA157409D1B67BD7B55480D525736A3C62D270ED474BAED09E7D968CD50911
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...\..f.........." .....0..........P.....................................................`.........................................L...........\............p..............L.......................................P...8...........................................UPX0....................................UPX1.....0.......0..................@....rsrc................4..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_curve448.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	26624
Entropy (8bit):	7.709093804241634
Encrypted:	false
SSDEEP:	768:RGkgn0uw0f9tuMgZj6SgoM+mHh8zBhOsbipS:kk60qf1SxM+Sh8zBZbH
MD5:	3BC254EB74AA919B1E77C71505306F68
SHA1:	0A7D3BB6BA93CAE2CAF41207B60566690C50502D
SHA-256:	CCF351CA444227C1B2BBD88B23D965082ED2AB8955BF3218CE15B49B09F17F37
SHA-512:	B5F0DCCC9D424D0EFC050B27478A9CF1AC8C75F9ADA8FD321091392C68BBC8F8E25617EAC3983FFB4F9C0DB6CA0B8763E0E41EA4C93925B70EC3AC5C243F54D4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:..P~...~...~...w.3.x...,...\|...5...}...~...U...,...u...,...v...,...}.......\|............._.............Rich~...................PE..d...\..f.........." .....`..........Pa....................................................`.........................................Lr..0....p..\....p....... ..$...........\|s......................................Pm..8...........................................UPX0....................................UPX1.....`.......`..................@....rsrc........p.......d..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_ec_ws.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	640000
Entropy (8bit):	7.998704897182076
Encrypted:	true
SSDEEP:	12288:PIahn0k2jt5j5hjcFCGQNKQ8J2NWqZxjYDHJrX2cQ6GFlBg+cogRfG9jU:P0fX9pcXO/NWixjYrJdCHqVVsZU
MD5:	B5DBAC8FEA6E95E9F7D3754FE1C7A198
SHA1:	10D08BF86DEEB1E58E1CB2B68601B9B6C17B9738
SHA-256:	472151F81BAC50922AEFD2DCCBE7BDA082D15AF95C2749EC95FFF64363F3672C
SHA-512:	0F25040CB142E0DB883B8B94B8F757DD1EB77E452B5C279246D9D02AFA6C934E6A79F6BB3B84FD40FA6E3568C209EE19628A9359467584CB0F9AD56325F81E91
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........s.. .. .. ... .. ..!.. ..!.. .. .. ..!.. ..!.. ..!.. \..!.. \..!.. \.r .. \..!.. Rich.. ................PE..d...[..f.........." .............`.......p...................................@............`.........................................L2..h....0..\....0.......................3.......................................*..8...........................................UPX0.....`..............................UPX1.........p......................@....rsrc........0......................@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_ed25519.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	15872
Entropy (8bit):	7.365125845689717
Encrypted:	false
SSDEEP:	384:sGBfc1QlWR3bEsLMf6Ufn10euH/4hZa7gJXN1m:sGkQN6awqpd1m
MD5:	9234681AE65FF9F6B5278407EDE1D03E
SHA1:	1C938927279F0718512496611B69E86CABD8ACA5
SHA-256:	FA815A3B065D423DD73A361EBA170C8B6825529F25F4CA3F32968A12BB364CE2
SHA-512:	69C3FA558574C950FFCCD1F2BD3A090F8E129BBC221FE03B5C4AA6428C3955871A7E8736C84986BC72DBC502624A052DC50E4053145103A69700E2575A09AB40
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...]..f.........." .....@..........@.....................................................`.........................................L...0.......\...........................\|.......................................@...8...........................................UPX0....................................UPX1.....@.......6..................@....rsrc................:..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_ed448.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	7.764536138341586
Encrypted:	false
SSDEEP:	384:+YWTbll1RIaPUAc5BjOxy2VANd9N/Q6/HgnhkX4ts6GGZa7gJX7AgM:fablfRBPUAc3j32VANdTQ6fzX4tlprA
MD5:	02A9596AD840DCEA60FA6D52F8BEE945
SHA1:	3E7A5751187496CF9538347B4B81A42E4532E706
SHA-256:	7459473F494866B3828869FA96564FD35D32BD6A7904522BD53084C16763EA2A
SHA-512:	AD0E397E12662059B45A313B4E68C00A90F77CA387766257CFF18BE318C77CF16850F44A9FFB0E1821CD2DBA3DDB152FD67FC8121E6772B2B551404B40121576
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:..P~...~...~...w.3.x...,...\|...5...}...~...U...,...u...,...v...,...}.......\|............._.............Rich~...................PE..d...^..f.........." .....p.......@......P................................................`.........................................L...h.......\............`..l......................................................8...........................................UPX0.....@..............................UPX1.....p...P...h..................@....rsrc................l..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Util\_cpuid_c.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	9216
Entropy (8bit):	6.706733620766704
Encrypted:	false
SSDEEP:	192:g51jwkl3nSW/TftRVw61csNbbNkYj273QJXpHj:g5CkwWbft0rs1NZa7gJXJ
MD5:	D99FAD915B5F7BEACC6FBFC981EF7C6B
SHA1:	DA98B3640D42FEC05C2D7A540E3E06336825F4F0
SHA-256:	F82BF7B4856EFB676E05EF34447D03423FF13A8A3F57457A257A4DB7FCB8453F
SHA-512:	F9F810CA818CDE0E4D065BD138B99D26D3B8121E2745E3EB23DFA0881E43353ED0384B9658144B5D9FAD15CBB67587A0E44F0DDA5B4E06A8780E33039303E8F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........@................../....../...../......+.......*......-......&....................,....Rich...........................PE..d...X..f.........." ..... .......p..p.....................................................`.............................................\|...................@..............\|.......................................p...8...........................................UPX0.....p..............................UPX1..... ..........................@....rsrc................ ..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Util\_strxor.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	9216
Entropy (8bit):	6.702844475658512
Encrypted:	false
SSDEEP:	192:HohKeeuBxm0jMuCicColTjCu9WkYj273QJXEHj:IhxpgTSu9WZa7gJXw
MD5:	E0A33DE4E09E7810A788C9140B26277B
SHA1:	8E874FC12BEFC50AB2A91FA2A0F271B60B0BC718
SHA-256:	585F0C6B9C0AA6B7C7FCBFA7BBB9FBBD14340A0B65F32E14D75AB80CA2AC5BCB
SHA-512:	39088711CC8816E303548653FCDE48666E1427F180EB2DAF18367937151469D03C88371440CB495AAB4AD35DD78269EF7F4C598A96F0AADC64F3B99394979F58
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........@................../....../...../......+.......*......-......&....................,....Rich...........................PE..d...Z..f.........." ..... .......p..p.....................................................`.............................................t...................@..............t.......................................p...8...........................................UPX0.....p..............................UPX1..... ..........................@....rsrc................ ..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\VCRUNTIME140.dll

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	109392
Entropy (8bit):	6.641929675972235
Encrypted:	false
SSDEEP:	1536:GcghbEGyzXJZDWnEzWG9q4lVOiVgXjO5/woecbq8qZHg2zuCS+zuecL:GV3iC0h9q4v6XjKwoecbq8qBTq+1cL
MD5:	4585A96CC4EEF6AAFD5E27EA09147DC6
SHA1:	489CFFF1B19ABBEC98FDA26AC8958005E88DD0CB
SHA-256:	A8F950B4357EC12CFCCDDC9094CCA56A3D5244B95E09EA6E9A746489F2D58736
SHA-512:	D78260C66331FE3029D2CC1B41A5D002EC651F2E3BBF55076D65839B5E3C6297955AFD4D9AB8951FBDC9F929DBC65EB18B14B59BCE1F2994318564EB4920F286
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........u...u...u.E.t...u.....u...t...u..v...u..q...u..p...u..u...u......u..w...u.Rich..u.........PE..d..._#;..........." ...".....`......................................................=.....`A........................................`C..4....K...............p.......\..PO...........-..p............................,..@............................................text............................... ..`.rdata...A.......B..................@..@.data...0....`.......D..............@....pdata.......p.......H..............@..@_RDATA..\............T..............@..@.rsrc................V..............@..@.reloc...............Z..............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI63882\_asyncio.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	38680
Entropy (8bit):	7.696873540555824
Encrypted:	false
SSDEEP:	768:oJSccN4rYjmVdRxZc6MCipEJIGOng05YiSyvSeEAMxkEX:o8j4r7DmCFJIGOnge7SyaeCxT
MD5:	BC5F1A631A5B2B0D874654CA17C327A7
SHA1:	D391E3198D69FC420F737D9FC31153892DED57DE
SHA-256:	A889045C5855D964B490FE6413FECC34D03FEA5B5925C722655885AEA0BD5B84
SHA-512:	4B2D46DFF34045E7ECA25B24831172A803BEDB84248C2EB8BC438BB672BE8D1F8374149DD2335CE437A7F8E8AFF3A4EBD025E90AC58319A420C5C6CF5748078D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B:.T.[...[...[...#*..[...'...[...'...[...'...[...'...[...&...[..M#...[...[...[...&...[...&...[...&F..[...&...[..Rich.[..........................PE..d...Q..e.........." ...#.`...........9.......................................`............`..........................................Z..P....Y..P....P......................D[.......................................E..@...........................................UPX0....................................UPX1.....`.......X..................@....rsrc........P.......\..............@..............................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\_brotli.cp312-win_amd64.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	279040
Entropy (8bit):	7.992754100181066
Encrypted:	true
SSDEEP:	6144:1MekaHmIW3JkTJGnlffcRwF3sfDhcpntP43tSy+54JO:WTB3UWXQipu3t7c
MD5:	0EB17C658E41394A867A4C185D19F220
SHA1:	EFD39F6E8D7679181D1BC05930C4414857A444D8
SHA-256:	8768E373A4E82722CFCAB2511544A9C2A6DC8FBCC59475986A68C59135917907
SHA-512:	1401258D859E1AD7D10162CC2E132706CCBE10C5F48A4A36F2386E3811ACA1F040A32D3E6B13DFAA126E6AF42610692E1F9B0FC221DCBCA38C45746D73451BF2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]ws..............n......j......Rn......j......j......j.......k..........$....k..9....k.......k.......k......Rich....................PE..d...7..d.........." ...#.@................................................................`.........................................,...`.......<.......................................................................@...........................................UPX0....................................UPX1.....@.......:..................@....rsrc................>..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\_bz2.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	49944
Entropy (8bit):	7.783132151019094
Encrypted:	false
SSDEEP:	1536:G/onT0xi3xXtfwYf5CVW3Bd7IGCVwU7SyixL7:G/k538e5CIRlIGCVwUO7
MD5:	7B93D289D8342003264EA364E707A929
SHA1:	C48CC5668FEAA94C6BD2D6A869227D818ED03398
SHA-256:	56FA7963B53BB2DADB6B6AC669084521D5873923C16192030D3D8A7741F8C720
SHA-512:	26521252685A52C331204CA1C38E3E80C31E16209B6016C433FEB0348B40240E17094C3A51723839496F1906CB4A1472752AAA1CC135D61D23D681A485C3CD90
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......w.l.3...3...3...:...9......1......0......>......;......7.......0...x...1...3...l.......;.......2.......2.......2...Rich3...................PE..d...f..e.........." ...#.............e....................................................`.............................................H.................... ..,...................................................q..@...........................................UPX0....................................UPX1................................@....rsrc...............................@..............................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\_cffi_backend.cp312-win_amd64.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	73216
Entropy (8bit):	7.915393474934398
Encrypted:	false
SSDEEP:	1536:rYKYjVhOKr5WNqYZbeKaMoxrZQmAQqdtXEb53a/Tw:1YxEkW91O/mLQqdOl
MD5:	9C42595725784639A9490FD262B79994
SHA1:	02D555F1B62C4B6B7AE98ABEAC129856024BBEDA
SHA-256:	C7FE8E9CCBEDF87171A604E5406CBC65520DBBBFC750DCF0432B56E63F1A12CB
SHA-512:	F1F1ADCDD807AF48C6282F079B34DDAB2A043D6145B667C79F0E53D482CD404FF03132E20BC88D43872E0A0AE1C17207C8C1524B33BE87F4B37235A2A6BB35C4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......a..#%p.p%p.p%p.p,..p)p.p5.q'p.p5.zp!p.p5.q!p.p5.q-p.p5.q)p.pn..q!p.p6.q&p.p%p.p.p.pm..q!p.p,..p$p.pm..q$p.pm.xp$p.pm..q$p.pRich%p.p........................PE..d...W..f.........." ...). .......@...U...P................................................`..........................................s..l....p.......p..........T...........ht.......................................a..@...........................................UPX0.....@..............................UPX1..... ...P......................@....rsrc........p......................@..............................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\_ctypes.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	60696
Entropy (8bit):	7.822216451119025
Encrypted:	false
SSDEEP:	1536:kbK/YBHE2gCtX+/9zyeoVIkwLMzKep8z+IGLPAt7SyWxU:kGAK2ghtGIk6MeeGyIGLPAtz
MD5:	39E76F6794B87D7B0AF9CB3A40009736
SHA1:	B23BE9B2F1DC5EBDB1A5B4E75BD423A3777DCB03
SHA-256:	479EAAD69BCBC8BD6CC4F0F3411A92185B780C80687A9596D3F283EEAA68D171
SHA-512:	193F420CDEFC11AFF1891C4E0E9D02EE7A9C718B446FC42B2363A1539D0A1ED78E7054C33D1EDBF443A8664D68A31C510A1ED1F48DC561ED5773D1F2DA770E04
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......>...z.z.z.s...\|....x....v....r....~.....x.1...{.1...\|.....y.z.......\|.....{...o.{.....{.Richz.................PE..d...c..e.........." ...#.............-.......................................P............`.........................................HL.......I.......@.......................L.......................................9..@...........................................UPX0....................................UPX1................................@....rsrc........@......................@......................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\_decimal.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	108312
Entropy (8bit):	7.930158683046724
Encrypted:	false
SSDEEP:	3072:RnHQe/FKYjTnmuJkv4D5ZIBGeKHC6ajQ6BWIGOqmbtbb9:RnHQe/MYjTnDJRX6Ge16ehbhx
MD5:	07BB60C9039423EC170ECB6550A5E685
SHA1:	556A754DAE6813883144F4DEE755DA68FD5197BE
SHA-256:	A0DD49BB57B6EBB78482E6E4CDE24D358EB676C7A7B29B217379DBD90F985DA6
SHA-512:	07414189A52A84672C3F9BA6D598049D005958F42195BB38FB58751F3FE345C267DBB4142B80157CB31F96DCDCBBFE69DA1F97E6D5E9BC7EB7DFBA5F982493FC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........@.R.!...!...!...Y=..!..+]...!..+]...!..+]...!..+]...!..M\...!...Y...!...!...!..M\...!..M\...!..M\...!..M\Q..!..M\...!..Rich.!..........PE..d...T..e.........." ...#.p...................................................0............`..........................................,..P....)....... ...........'...........-..........................................@...........................................UPX0....................................UPX1.....p.......f..................@....rsrc........ .......j..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\_hashlib.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	36120
Entropy (8bit):	7.670439671412394
Encrypted:	false
SSDEEP:	768:6uKW7574DsajR20fnfPHz8HLP8pfbnIGOINg5YiSyvIAMxkE3n1:JKW7hq00fnTQEbnIGOINy7Sy+xzn1
MD5:	E9817DBEB15E1C4EB8E83E2290F566DA
SHA1:	FFAEAB66BFD23AE65FD3EC56C14B5359FB1DE0F6
SHA-256:	CC47548D1B9AE5293756FB75373482299C745FCA8C0A68C9C8779073EE4F59B1
SHA-512:	109747ED8ED939895224BAF2611A3D90AE23CACAC8B38AA6966211306AED85139065703869321A9394F6A788C750FDF1E49161C0E65E43C048D43F657B74EB63
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u...&...&...&.U&...&u..'...&u..'...&u..'...&u..'...&...'...&...'...&...&M..&...'...&...'...&..9&...&...'...&Rich...&........PE..d......e.........." ...#.P.........../.......................................P............`.........................................\|K..P....I.......@.......................K.......................................;..@...........................................UPX0....................................UPX1.....P.......N..................@....rsrc........@.......R..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\_lzma.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	87832
Entropy (8bit):	7.91726740491422
Encrypted:	false
SSDEEP:	1536:cRQY6vZR307kwHMn3NsbM5PlvQzSqoSdPN1uruZkU2D90nGt4pcgIGZ1rA7SyTx7:uQY6nEZe3NsbI1QzSwlaugudNIGZ1rAP
MD5:	34549863E00005080416DC1D3827895F
SHA1:	DE955741C90CAFF0F3401BEB66AD4AC83DBE9DCF
SHA-256:	44C0D49356E2BC5546B6F7CA8F290821DA336561DA275EC02EDD055BEBC1C90E
SHA-512:	3C9D94EDA63FF57F0CE58BA2156B9922C453D5700DEC625253146B4F292F0F9175D5ECD6AF30FCC98B0F29D864F5821D3DEF6FAE54D66B5167FFE342B76C3801
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........TB#.5,p.5,p.5,p.M.p.5,p.I-q.5,p.I)q.5,p.I(q.5,p.I/q.5,pnH-q.5,p.M-q.5,p.5-p.5,pnH!q.5,pnH,q.5,pnH.p.5,pnH.q.5,pRich.5,p........PE..d......e.........." ...#. ...............................................................`.........................................4...L....................P.........................................................@...........................................UPX0....................................UPX1..... ..........................@....rsrc...............................@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\_multiprocessing.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	27928
Entropy (8bit):	7.494153215552285
Encrypted:	false
SSDEEP:	768:PDAcYfayYp5z4IGWt9x5YiSyv2pAAMxkEn:EcCGz4IGWt9/7SyOOxj
MD5:	8B840CB3413AC1B0B77E003D585B474E
SHA1:	F6FA5B9D0CD00881BE0A0EB8B40EE02BF772AFB8
SHA-256:	6D014026BC88DBE37D53B50DD18AC3DC9E1C02A597CC3BD7A6D4F4C44AC65C82
SHA-512:	D3608EFE3B08DF7482D1695D719A0265968BBD5A32D09001DA203CDA4D1CB6567BEAB903ED72629D5F15724B01E7918D54DB43AD3E1E05FC663362D5CD9F968B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........)*.wGy.wGy.wGy...y.wGy'.Fx.wGy'.Bx.wGy'.Cx.wGy'.Dx.wGyA.Fx.wGy.wFy.wGy..Fx.wGyA.Jx.wGyA.Gx.wGyA..y.wGyA.Ex.wGyRich.wGy........................PE..d...W..e.........." ...#.0................................................................`.........................................4...`....................p..........................................................@...........................................UPX0....................................UPX1.....0..........................@....rsrc................2..............@..............................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\_overlapped.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	34584
Entropy (8bit):	7.637658154374066
Encrypted:	false
SSDEEP:	768:JqfuLYw3hSxhiMM/v3Lhsr5bm7p6j7IGXt9P5YiSyvxM6AMxkEw:JqfC3hSnit33Lh2KEj7IGXt9h7SyNxM
MD5:	308D180970B3A6A3389B828551F380BE
SHA1:	29BD14918C3B1B951EA4D3A5FE43E9ED14FBAC63
SHA-256:	6CB8989DDB962CC1FC4AA0FB55E0D0421E552B7C11475198017171BA9B13539D
SHA-512:	7EC1AF33219EBB3193F49290AC54B18E15A0B7584E7D62E08311540AC60EFC13B6F05248C5AE6286566483D2D282047DD404EFBB89EFF3C4F3CEFADB83148C69
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........\|!{X.O(X.O(X.O(Qe.(\.O(.aN)Z.O(.aJ)T.O(.aK)P.O(.aL)[.O(.`N)Z.O(X.N(/.O(.eN)].O(.eK)Y.O(.`B)Y.O(.`O)Y.O(.`.(Y.O(.`M)Y.O(RichX.O(................PE..d...V..e.........." ...#.P..........`........................................ ............`.........................................t...X...........................................................................p...@...........................................UPX0....................................UPX1.....P.......H..................@....rsrc................L..............@..............................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\_queue.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	26904
Entropy (8bit):	7.417965806918985
Encrypted:	false
SSDEEP:	768:Vzh/iDHAPcpqyIGQUNz5YiSyvHAMxkEJ5YSv:1hiDHAP5yIGQUN97SyPx/Y+
MD5:	C7FD1D372211BE50EC7BD692F566E8A6
SHA1:	8099F47303E917F05B06EE88A44992B89515496F
SHA-256:	3CFE97BD4ECCB9C69B1E08E140098189F3011EA7A43B358AE1F7F5C7220DD397
SHA-512:	3A6304865F4F136FF983A64BA0E0A10950EA0FF0E4602EF3859AC51B40FFA3B09A6B3D8B6C86603194979D0CC7778271676EA0FE75093A2E6036EC0E2D56D9A3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B:W\.[9..[9..[9..#...[9..'8..[9..'<..[9..'=..[9..':..[9..&8..[9.M#8..[9..[8.M[9..&4..[9..&9..[9..&...[9..&;..[9.Rich.[9.........................PE..d...Y..e.........." ...#.0...............................................................`.............................................L.......P............`..............<..........................................@...........................................UPX0....................................UPX1.....0.......*..................@....rsrc...............................@..............................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\_socket.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	45336
Entropy (8bit):	7.717736433119785
Encrypted:	false
SSDEEP:	768:o1X8HEfobVbgwsIZsQD182/q2vQttkmnIzPnzTpwOgIGLwgBT5YiSyvvBAMxkEn:wXz0gwsGsQD1ZbmiSOgIGLwgBd7SyZxL
MD5:	CE773BF599AA4664533AC42410520FA2
SHA1:	661350EC2718B0A5D221D3D11687C93C00CBA777
SHA-256:	D6D04F0E7D8C396F85E8DB82750224F454D17EF0648F8D11A3A76E0287D39FA5
SHA-512:	A25C04034459D0BF82D61AF123A0AD37548689D048E026F0A2D2836D45A0BBE8E82B073ECAE417147A407E34768B45BC8C46242DE78283AFB7BEC8D8C60A434F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........J./.+z\|.+z\|.+z\|.S.\|.+z\|.W{}.+z\|.W.}.+z\|.W~}.+z\|.Wy}.+z\|}V{}.+z\|.+{\|.+z\|.S{}.+z\|}Vw}.+z\|}Vz}.+z\|}V.\|.+z\|}Vx}.+z\|Rich.+z\|................PE..d......e.........." ...#.p.......... q....................................................`.........................................D...P....................0......................................................0}..@...........................................UPX0....................................UPX1.....p.......p..................@....rsrc................t..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\_ssl.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	67352
Entropy (8bit):	7.856092146754657
Encrypted:	false
SSDEEP:	1536:mRuyAdinkEweTTDWPnQfNnPAdu8LfPXrBIGC777m7Synx5:YF9fEo58DPXdIGC77yN
MD5:	4C86933F615D895BC421199CC4F74A74
SHA1:	90496BF51B37165BD2D7F213AD886CDECD991679
SHA-256:	BF2AAA5FBB9CA9DAE5D138B1C70DE1E6B52005ECED94FC31873AB4F9C14719AC
SHA-512:	1CF91A962F973A906C527BC83243FCEA84A9AAD70E21339893EEF0A5BAFEDD05E5F66618E0D9040977413B933F19DD27FFEAB743551C491690C7E620C7043AEF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U.k.4.8.4.8.4.8.L)8.4.8.H.9.4.8.H.9.4.8.H.9.4.8.H.9.4.8kI.9.4.8.4.8#5.8.L.9.4.8kI.9.4.8kI.9.4.8kIE8.4.8kI.9.4.8Rich.4.8........................PE..d......e.........." ...#.........@.......P...................................0............`.........................................l,..d....)....... ..........8............,..........................................@...........................................UPX0.....@..............................UPX1.........P......................@....rsrc........ ......................@..............................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\_wmi.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	28952
Entropy (8bit):	7.472560755921187
Encrypted:	false
SSDEEP:	768:oWw1HQYXj+pMUbIGCi9lx5YiSyvzAMxkEaFy:oWMpUbIGCi9h7Syrx+g
MD5:	6692FB61DADAE290E9C9D1B18F8F567D
SHA1:	4001C0347BA6E0FDBB05453D39549712F62B2B81
SHA-256:	235282A0C0EDE0AC029AD5831DF01B4E3BBDEA7960E864369EFC797105ABD895
SHA-512:	11B21EE9B7FFC32E0EF5E26E107DF9260CC22FF415F27DFEF680C3F36EC74C935263DC3C21B03D408D37E42C9188C0E51A760F61C63238C9CC45F0AE8207CF31
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......._\...=.@.=.@.=.@.En@.=.@.A.A.=.@.A.A.=.@.A.A.=.@.@.A.=.@.A.A.=.@PE.A.=.@.=.@A=.@PE.A.=.@.@.A.=.@.@.A.=.@.@.@.=.@.@.A.=.@Rich.=.@........PE..d..._..e.........." ...#.0.......... .....................................................`.............................................H.......\............p..`...........@.......................................0...@....................S..@...................UPX0....................................UPX1.....0.......0..................@....rsrc................4..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	1329520
Entropy (8bit):	5.586689148227218
Encrypted:	false
SSDEEP:	12288:uttcY+b+vOmgRF1+fYNXPh26UZWAzau7j5D95wXgkVHdYOP4wwMw9gCCaYc23:uttcY+mHCiaA5TnqHdYOPxmEaYc23
MD5:	73F91FE1B7771F022020DDF0AC619CDE
SHA1:	D9ECB3061627C94F2CF6C1B7A34FEA2CDBD13DF7
SHA-256:	763457EC96D1D2AFDDFFA85523D59AA351208BFDF607F5C5F3FB79A518B6D0C2
SHA-512:	CB85666C7E50E3DBF14FC215EC05D9576B884066983FE97FA10A40C6A8D6BE11C68CA853E7F7039EC67E6B2D90E8C8A3273039B4B86D91D311BCDDCDD831B507
Malicious:	false
Preview:	PK..........!.x[_C............_collections_abc.pyc......................................Z.....d.Z.d.d.l.m.Z.m.Z...d.d.l.Z...e.e.e.............Z...e.d.........Z.d...Z...e.e.........Z.[.g.d...Z.d.Z...e...e.d.................Z...e...e...e.........................Z...e...e.i.j%..........................................Z...e...e.i.j)..........................................Z...e...e.i.j-..........................................Z...e...e.g.................Z...e...e...e.g.........................Z...e...e...e.d.........................Z...e...e...e.d.d.z...........................Z...e...e...e.........................Z...e...e.d.................Z ..e...e.d.................Z!..e...e...e"........................Z#..e.i.j%..................................Z$..e.i.j)..................................Z%..e.i.j-..................................Z&..e.e.jN..........................Z(..e...d...................Z)d...Z..e........Z..e.e........Z+ejY............................[d...Z-..e-........

C:\Users\user\AppData\Local\Temp\_MEI63882\certifi\cacert.pem

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	299427
Entropy (8bit):	6.047872935262006
Encrypted:	false
SSDEEP:	6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
MD5:	50EA156B773E8803F6C1FE712F746CBA
SHA1:	2C68212E96605210EDDF740291862BDF59398AEF
SHA-256:	94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
SHA-512:	01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
Malicious:	false
Preview:	.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz

C:\Users\user\AppData\Local\Temp\_MEI63882\charset_normalizer\md.cp312-win_amd64.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	9728
Entropy (8bit):	6.714814722625894
Encrypted:	false
SSDEEP:	192:MAOzE9WrStIf1F25LInXfzMiiukYj273QJXpHE0J:LMGo1F2AXbQuZa7gJXS0
MD5:	A0E2423755456AA66970981C3B5D453E
SHA1:	48A92FA53CBDE319D2F7F222630EE38C19D761BD
SHA-256:	2CEF74C8D6D5DEC5A0088B42CCC54A01952CDA57E4E4A026E4F39F793737FB78
SHA-512:	5A8DCDCAD81A9DFBDDDE14A32B248A0E763E3C6216A56EDC61BC74A7FD8CF132AAD1B64B1967CB4BE88800D308FE125D948DEAC88B7262CFFE46F03830D2608D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........k............r_...........r................................................3..........Rich....................PE..d... $.g.........." ...). .......p........................................................`.........................................@...p......P............@..........................................................@...........................................UPX0.....p..............................UPX1..... ..........................@....rsrc................"..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\charset_normalizer\md__mypyc.cp312-win_amd64.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	40448
Entropy (8bit):	7.867941384903281
Encrypted:	false
SSDEEP:	768:hG2Z8o+8FiFF0grM5z6BBPNWjLDKZ2MW96vLejBuzMsidkERB4Uppu:hG2Z8ogFF9BPsGZ2MWiIuzMs2B4Uq
MD5:	86170649F304419D33D64B9042927C0D
SHA1:	9FC3624415C0D23CD29722D9FE9BF19EEF825A61
SHA-256:	7F4BE425D941D3B2C8DA7C9B9197A0E386ACE28B73B0806FF4AD329F959FB304
SHA-512:	810378ACFD833D1C74D1CBF23774A6968A36AD4851DD70C88E7832B4604D8434140F8563187AFD80A8E0E19717A3F29BFBCDF90BBAE00A413DDA03FE7FA3C75C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........yB....................7...............7.......7.......7.......6..........C....6.......6.......6.......6......Rich............................PE..d....$.g.........." ...).............H.......................................p............`..........................................b..d....`.......`......................<c.......................................T..@...........................................UPX0....................................UPX1................................@....rsrc........`......................@..............................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\cryptography-43.0.3.dist-info\INSTALLER

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\Users\user\AppData\Local\Temp\_MEI63882\cryptography-43.0.3.dist-info\METADATA

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	5440
Entropy (8bit):	5.074230645519915
Encrypted:	false
SSDEEP:	96:DloQIUQIhQIKQILbQIRIaMPktjaVxsxA2TLLDmplH7dwnqTIvrUmA0JQTQCQx5KN:RcPuP1srTLLDmplH7JTIvYX0JQTQ9x54
MD5:	C891CD93024AF027647E6DE89D0FFCE2
SHA1:	01D8D6F93F1B922A91C82D4711BCEFB885AD47B0
SHA-256:	EB36E0E4251E8479EF36964440755EF22BEDD411BA87A93F726FA8E5BB0E64B0
SHA-512:	3386FBB3DCF7383B2D427093624C531C50BE34E3E0AA0984547B953E04776D0D431D5267827F4194A9B0AD1AB897869115623E802A6A1C5D2AE1AD82C96CCE71
Malicious:	false
Preview:	Metadata-Version: 2.3.Name: cryptography.Version: 43.0.3.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif

C:\Users\user\AppData\Local\Temp\_MEI63882\cryptography-43.0.3.dist-info\RECORD

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	15485
Entropy (8bit):	5.56196201342315
Encrypted:	false
SSDEEP:	192:1XxTBL1z5jF4E9VqhXJZ4WPB6s7B0Ppz+NX6in5Lqw/I+B:1XXL1hCEsJrPB6s7B0Ppz+96innVB
MD5:	8D7997FB71E20CD7B224D04D72F0DAFA
SHA1:	2AA4472F7177DCBA6067295BB5CD0218D8E44AA0
SHA-256:	AF001DA7DCDB3AB8666555CAE1F34B360785F23987072919952D921C918B87DF
SHA-512:	A2B4D6A4DB6E134EFFCD2D294C4DFBA27DF8735FBC25FCA367F244A85E64B375AEAA93212D2A69A6989266086AE84EAFE5FFE714581ECB1493AF2959F73063A0
Malicious:	false
Preview:	cryptography-43.0.3.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-43.0.3.dist-info/METADATA,sha256=6zbg5CUehHnvNpZEQHVe8ivt1BG6h6k_cm-o5bsOZLA,5440..cryptography-43.0.3.dist-info/RECORD,,..cryptography-43.0.3.dist-info/WHEEL,sha256=8_4EnrLvbhzH224YH8WypoB7HFn-vpbwr_zHlr3XUBI,94..cryptography-43.0.3.dist-info/license_files/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-43.0.3.dist-info/license_files/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-43.0.3.dist-info/license_files/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=-FkHKD9mSuEfH37wsSKnQzJZmL5zUAUTpB5OeUQjPE0,445..cryptography/__init__.py,sha256=mthuUrTd4FROCpUYrTIqhjz6s6T9djAZrV7nZ1oMm2o,364..cryptography/__pycache__/__about__.cpython-312.pyc,,..cryptography/__pycache__/__init__.cpython-312.pyc,,..cryptography/__pycache__/exceptions.cpython-312.pyc,,..cryptography/__p

C:\Users\user\AppData\Local\Temp\_MEI63882\cryptography-43.0.3.dist-info\WHEEL

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	94
Entropy (8bit):	5.016084900984752
Encrypted:	false
SSDEEP:	3:RtEeX5pGogP+tkKciH/KQb:RtvoTWKTQb
MD5:	C869D30012A100ADEB75860F3810C8C9
SHA1:	42FD5CFA75566E8A9525E087A2018E8666ED22CB
SHA-256:	F3FE049EB2EF6E1CC7DB6E181FC5B2A6807B1C59FEBE96F0AFFCC796BDD75012
SHA-512:	B29FEAF6587601BBE0EDAD3DF9A87BFC82BB2C13E91103699BABD7E039F05558C0AC1EF7D904BCFAF85D791B96BC26FA9E39988DD83A1CE8ECCA85029C5109F0
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: maturin (1.7.0).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.

C:\Users\user\AppData\Local\Temp\_MEI63882\cryptography-43.0.3.dist-info\license_files\LICENSE

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	197
Entropy (8bit):	4.61968998873571
Encrypted:	false
SSDEEP:	3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
MD5:	8C3617DB4FB6FAE01F1D253AB91511E4
SHA1:	E442040C26CD76D1B946822CAF29011A51F75D6D
SHA-256:	3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
SHA-512:	77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
Malicious:	false
Preview:	This software is made available under the terms of either of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of both these licenses..

C:\Users\user\AppData\Local\Temp\_MEI63882\cryptography-43.0.3.dist-info\license_files\LICENSE.APACHE

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	11360
Entropy (8bit):	4.426756947907149
Encrypted:	false
SSDEEP:	192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
MD5:	4E168CCE331E5C827D4C2B68A6200E1B
SHA1:	DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
SHA-256:	AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
SHA-512:	F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
Malicious:	false
Preview:	. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow

C:\Users\user\AppData\Local\Temp\_MEI63882\cryptography-43.0.3.dist-info\license_files\LICENSE.BSD

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1532
Entropy (8bit):	5.058591167088024
Encrypted:	false
SSDEEP:	24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
MD5:	5AE30BA4123BC4F2FA49AA0B0DCE887B
SHA1:	EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
SHA-256:	602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
SHA-512:	DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
Malicious:	false
Preview:	Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS

C:\Users\user\AppData\Local\Temp\_MEI63882\cryptography\hazmat\bindings\_rust.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2229248
Entropy (8bit):	7.999624402050615
Encrypted:	true
SSDEEP:	49152:qbSlg7EtPbwG7Qtugc58UQG/0ym73KDYo/6cUWnyO:+SCkwG7Gub8URsF6YoPUE
MD5:	308328BCA82BE8A73422314F9B706EA9
SHA1:	A6AFCF77AED56D4F22250E4E74DAB23AA0F91B35
SHA-256:	68F78996E7C12E631E1E62C75D4A323D6C24D0AB94D3D272BEEA5719FB55888D
SHA-512:	9BE96651B2DCE3C7E601E248D8707037BD0914116AF8FBD8399A30057273BEB77DCCCBEB5376C721B9201653E79F2F0063DA08F9546B8063C183EEC596B123DF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r.b.6...6...6...?..$...&9..4...&9..2...&9..>...&9..'...}...8...Y<..5...6...2...~8..I...6.......~8..7...~8..7...Rich6...........PE..d......g.........." ...)..".......V.0wx...V...................................x...........`...........................................x.......x.............. s...............x.$...........................H.x.(.....x.@...........................................UPX0......V.............................UPX1......"...V...!.................@...UPX2..........x.......!.............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\libcrypto-3.dll

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1629464
Entropy (8bit):	7.952620213372374
Encrypted:	false
SSDEEP:	49152:iMyDwbv70aKbP1zkLO5YHLA1CPwDvt3uFlDCZ:Gwbv77KbPaqYHLA1CPwDvt3uFlDCZ
MD5:	5A3C63ACDC6CE220B8E104DEA93CBA90
SHA1:	17A4282C1E359ED9726AD99202CB85833F07E714
SHA-256:	539A6496305304D8C8FC8C3219F6F84E4D4467767EEDA9A3B8A66CEDA01A2880
SHA-512:	2E050F79E844EA4ED27E607405242ADEDD9243102A27E026D1AFE6E108018C4AA20B10EB093AD96E60CC95EAF8B86B8BFC9B4364020E88E4483FA1E5FBD1C389
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......./',.kFB.kFB.kFB.b>..yFB..:C.iFB..:G.gFB..:F.cFB..:A.oFB.kFC..FB. >C.`FB.;A.KFB.;F..EB.;B.jFB.;..jFB.;@.jFB.RichkFB.........................PE..d...x..e.........." ...#. .......`9.0{O..p9.................................. R...........`......................................... .O......O.h.....O.......K.\.............R.......................................O.@...........................................UPX0.....`9.............................UPX1..... ...p9.....................@....rsrc.........O.....................@..............................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\libffi-8.dll

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	29968
Entropy (8bit):	7.67776426213941
Encrypted:	false
SSDEEP:	768:1p/6aepjG56w24Up3p45YiSyvkIPxWEqG:fA154spK7SytPxF
MD5:	66D7E2C5F4AA3E910DC357780ECF21F8
SHA1:	EA658DF800A048EE8C4549B8937C13A0952A3DF5
SHA-256:	3912D541C4EEA9029EE29D4DB6C0CA5F70196F93D50E57236508F531BC1A834C
SHA-512:	7D0BC6EF3EBD8A36264D7575143101212A8A3DD216054BACF4F922CD23D05936B9BB6BEC1F2466142D83774C19D0ED5DA808887F912D86F51E73225D7A130DAE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........iV...8...8...8..p....8.t9...8.p9...8...9...8.t=...8.t<...8.t;...8.1t<...8.1t;...8.1t8...8.1t:...8.Rich..8.........................PE..d...Sh.c.........." ...".@................................................................`.....................................................................P.......................................................@...........................................UPX0....................................UPX1.....@.......<..................@...UPX2.................@..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\libssl-3.dll

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	229144
Entropy (8bit):	7.9300366936484465
Encrypted:	false
SSDEEP:	3072:gFfmvsqWLSCMT+MyN6Qp2oZqpN+/fvrqknqbf6CjaBGkfPkZAK1ck2kBVfLwOmFd:gFevsT9JN+vyH1nqLr3CPrYBBRcd
MD5:	6E9C94A0BDCE8396496A3C963FA08711
SHA1:	F0C28AED37FB319450F3826433F4B88661DB0BA6
SHA-256:	8630601F8B8C63581FBCECAE35273FC2E3BA45361F33AAFC6AF739CE5442A547
SHA-512:	53D3CB9935C4278ABF815B385A4556B771B8AED11C65B7E5F49AADEB53161931ECF7BE93FC3271985896BE2653AEA73FA8C09AF4B7BD170AC717C151683A1B08
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........T..T..T..].3.Z....V......V....X....\....P....W..T..I....e....U.._.U....U..RichT..........PE..d......e.........." ...#.....P...p...r....................................................`............................................,C......8............ ..pM...................................................~..@...........................................UPX0.....p..............................UPX1................................@....rsrc....P.......L..................@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\psutil\_psutil_windows.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	32256
Entropy (8bit):	7.733393238451438
Encrypted:	false
SSDEEP:	768:SEQsXhsJVH50FvAnRNI2xEY3/oQudyp6i6:74JVO9WRe2xEY3/oQk
MD5:	65D19EE3A3EAF682ABE565946ED6A79D
SHA1:	0A3873DD5B9B1F9E63B90CE79EBD70745BECA57B
SHA-256:	61EB89C3D6468A996AAC6920D271805650073A77AD27AA26732B7473C1361244
SHA-512:	5A97CB7F902427D56F8853D0252934B7941D6249E4EA55409A2E2C8ED95CF3CB3BE91F189A5705B6DB779E3051DD2E15E5B4DAA3C87D1EA1DFFFA12B3EB36E1A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......nT..5..5..5..#M2. 5..x@..(5..x@..&5..x@.."5..x@...5...k..(5..aM..;5..5...5...@..:5...@..+5...@^.+5...@..+5..Rich*5..................PE..d.....qf.........." .................U....................................................`.........................................8u..`....p..H....p.......................u.......................................a..8...........................................UPX0....................................UPX1.............t..................@....rsrc........p.......x..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\pyexpat.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	90392
Entropy (8bit):	7.905790533903752
Encrypted:	false
SSDEEP:	1536:fFvj0VRbbCImt6eN962HiwRHni5uQfp0hhp/EnonIGLhri07SyVBxF:FIR6l82HLx40hhxIGLhrZZ
MD5:	406D4152D167A2793DD51745FF30242D
SHA1:	2770A101C9FD77D9DC539FCE6FB1BFC24399F035
SHA-256:	384CB9A64F419376E37BD2CD7D62A3FD9DEA122AA5E2CB6E67A232D0A287433E
SHA-512:	7639F6BBB8DD881BB5B99CD1FEB9069176E6AC1076E3884D4DC598D8FD0F8E5F2A07BF8C830D340BB175270D3C9FF58133A9E649F1F91335243EB235108220A1
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................g.................................h.......................h.......h.......h.......h.......Rich....................PE..d...Z..e.........." ...#. ..........P!.......................................@............`..........................................<..P....9.......0.......................<......................................P-..@...........................................UPX0....................................UPX1..... ....... ..................@....rsrc........0.......$..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\python3.dll

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	68376
Entropy (8bit):	6.14883904573939
Encrypted:	false
SSDEEP:	768:3V1EbYGVXq6KC/prVHBN0cW18itCQDFPnOMFn+gikF/nFX14uewjBcCCC0yamM/J:3DmF61JFn+/OipIGL0m7Sy0xG
MD5:	77896345D4E1C406EEFF011F7A920873
SHA1:	EE8CDD531418CFD05C1A6792382D895AC347216F
SHA-256:	1E9224BA7190B6301EF47BEFA8E383D0C55700255D04A36F7DAC88EA9573F2FB
SHA-512:	3E98B1B605D70244B42A13A219F9E124944DA199A88AD4302308C801685B0C45A037A76DED319D08DBF55639591404665BEFE2091F0F4206A9472FEE58D55C22
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........C..."e.."e.."e.0_m.."e.0_e.."e.0_..."e.0_g.."e.Rich."e.................PE..d...@..e.........." ...#............................................................q.....`.........................................`...H................................/..............T............................................................................rdata..............................@..@.rsrc...............................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI63882\python312.dll

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1826072
Entropy (8bit):	7.993990404156154
Encrypted:	true
SSDEEP:	49152:pTBxkJIkNEakpCPK1JQyHi3p70PHY6/g7:PeFNlUsK1ij31WYUW
MD5:	A7BF4310CEA55C20568B6AF1D00E49D4
SHA1:	1AC601543CAD3676496F9825EE1ED2D76580DDB5
SHA-256:	008DA498AE18A93B2423E1F8823B199CA49A81BB42932D5D6C73C8B29FEC2896
SHA-512:	859F6E4DC1B823455E5125529CA9694C8346FEA5D479B620CF13F9E834506DBEF8CED29F11B623395CD7A1D3D3C329D8E1AF10240D78943045D0DA4B305CCEE3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................m.................x...s...x......x......x......Rich............PE..d...=..e.........." ...#.........@Q...l..PQ...................................m...........`.........................................H/l......)l...... l......``..V............l. ...........................0.l.(...p.l.@...........................................UPX0.....@Q.............................UPX1.........PQ.....................@....rsrc........ l.....................@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\select.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	26392
Entropy (8bit):	7.448154728523066
Encrypted:	false
SSDEEP:	768:cnyukFaypXM5IGQGNf5YiSyvTcAMxkEMrX:cnGAaM5IGQGNR7Syb6xuX
MD5:	6C46842787FC019A0D69306E2B8E47EC
SHA1:	9E15D2222689F94A378AC2E4204A2604CF489BCD
SHA-256:	11EA4521E8ADF7059EBEEDB591A55F27315E7482B1C8C88143158E4FA3761546
SHA-512:	AB895B27C11D2A55995696528121DB88F6C2B377DB56E22C453D869DD78EF0A6D14DB8281A9568653E7789E99D104C67B4C2A071BEFC8CA1AD2D609DD37CDD06
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........t.q\|'.q\|'.q\|'...'.q\|'q.}&.q\|'q.y&.q\|'q.x&.q\|'q..&.q\|'..}&.q\|'.q}'.q\|'..}&.q\|'..q&.q\|'..\|&.q\|'...'.q\|'..~&.q\|'Rich.q\|'........PE..d...Z..e.........." ...#.0................................................................`......................................... ...L....................`..............l..........................................@...........................................UPX0....................................UPX1.....0.......(..................@....rsrc................,..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\autocommand-2.2.2.dist-info\INSTALLER

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\autocommand-2.2.2.dist-info\LICENSE

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	7634
Entropy (8bit):	4.503638339817033
Encrypted:	false
SSDEEP:	192:qnJvhVL0qhYqlpIle4RrJQSqOBng4kS/cKM6b:4vjxhYWpce48engvK
MD5:	8466CFC6533376D42EFA6F7423F2B8E8
SHA1:	2BC8926FDBB07DB2AF0A8E3FF7A3BE545C8BDF6B
SHA-256:	ADE78D04982D69972D444A8E14A94F87A2334DD3855CC80348EA8E240AA0DF2D
SHA-512:	CC45DC470E107E63659B502F77E9EF44335F9427BE87639252D85181A8DEA65FA9D1B5F1BD196F782186BC61B144467888199537806A8CC15E2B462CAC0D46A5
Malicious:	false
Preview:	GNU LESSER GENERAL PUBLIC LICENSE. Version 3, 29 June 2007.. Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>. Everyone is permitted to copy and distribute verbatim copies. of this license document, but changing it is not allowed.... This version of the GNU Lesser General Public License incorporates.the terms and conditions of version 3 of the GNU General Public.License, supplemented by the additional permissions listed below... 0. Additional Definitions... As used herein, "this License" refers to version 3 of the GNU Lesser.General Public License, and the "GNU GPL" refers to version 3 of the GNU.General Public License... "The Library" refers to a covered work governed by this License,.other than an Application or a Combined Work as defined below... An "Application" is any work that makes use of an interface provided.by the Library, but which is not otherwise based on the Library..Defining a subclass of a class defined by the Library is de

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\autocommand-2.2.2.dist-info\METADATA

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	Python script, ASCII text executable, with very long lines (855)
Category:	dropped
Size (bytes):	15006
Entropy (8bit):	4.800156894367144
Encrypted:	false
SSDEEP:	192:S037UxjwUbQd1Ak++k59jg8dXRNInXF2IOxcme+kQBd9Clb:d37U1LbQd1Z+3e8dhwXFacb+kQjQb
MD5:	542BA4FBC993C39A0BC952BE72E8717F
SHA1:	4310DB58F98C12B23286E5FA37F0E27ABEFB6A4A
SHA-256:	3800D9B91DCEEA2065A6ED6279383362E97AC38B8E56B9343F404EE531860099
SHA-512:	E3672EA056E5F2EFD3685C98DC0CF47E9A44F5A84DC457FC8AB31CD6DE09559C6E566D2D00F5B3CE55511E81A050DBB0DED6CF941916A6FF1019392FD96E1636
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	Metadata-Version: 2.1.Name: autocommand.Version: 2.2.2.Summary: A library to create a command-line program from a function.Home-page: https://github.com/Lucretiel/autocommand.Author: Nathan West.License: LGPLv3.Project-URL: Homepage, https://github.com/Lucretiel/autocommand.Project-URL: Bug Tracker, https://github.com/Lucretiel/autocommand/issues.Platform: any.Classifier: Development Status :: 6 - Mature.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: GNU Lesser General Public License v3 (LGPLv3).Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Topic :: Software Development.Classifier: Topic :: Software Development :: Libraries.Classifier: Topic :: Software Development :: Libraries :: Python Modules.Requires-Python: >=3.7.Description-Content-Type: text/markdown.License-File: LICENSE..[![PyPI version](https://badge.fury.io/py/autocommand.svg)](

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\autocommand-2.2.2.dist-info\RECORD

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1308
Entropy (8bit):	5.721750099226425
Encrypted:	false
SSDEEP:	24:kn/2zDcMvX4owkE+RlpGUttyvUMDtuH5p4D127cyOMT34:knuXNv4LkEMl0UWMF5p45AcuT34
MD5:	52BF4937018B88B9D28ED98A76B5E2AC
SHA1:	C8D5B732C154A2D4D501454647FAFEB356B93C4E
SHA-256:	822BBA66B41526FA547186B80221F85DA50D652BEE5493DBFE5D14085112F0C3
SHA-512:	30E4DEFE09FB8907166682F9A33E0F7CC0203B65113155BBEC6548A1EADF7250882AF295FF2551803703274F9F387E00439D95CBBCB63D2E04E371B94556B3EE
Malicious:	false
Preview:	autocommand-2.2.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..autocommand-2.2.2.dist-info/LICENSE,sha256=reeNBJgtaZctREqOFKlPh6IzTdOFXMgDSOqOJAqg3y0,7634..autocommand-2.2.2.dist-info/METADATA,sha256=OADZuR3O6iBlpu1ieTgzYul6w4uOVrk0P0BO5TGGAJk,15006..autocommand-2.2.2.dist-info/RECORD,,..autocommand-2.2.2.dist-info/WHEEL,sha256=2wepM1nk4DS4eFpYrW1TTqPcoGNfHhhO_i5m4cOimbo,92..autocommand-2.2.2.dist-info/top_level.txt,sha256=AzfhgKKS8EdAwWUTSF8mgeVQbXOY9kokHB6kSqwwqu0,12..autocommand/__init__.py,sha256=zko5Rnvolvb-UXjCx_2ArPTGBWwUK5QY4LIQIKYR7As,1037..autocommand/__pycache__/__init__.cpython-312.pyc,,..autocommand/__pycache__/autoasync.cpython-312.pyc,,..autocommand/__pycache__/autocommand.cpython-312.pyc,,..autocommand/__pycache__/automain.cpython-312.pyc,,..autocommand/__pycache__/autoparse.cpython-312.pyc,,..autocommand/__pycache__/errors.cpython-312.pyc,,..autocommand/autoasync.py,sha256=AMdyrxNS4pqWJfP_xuoOcImOHWD-qT7x06wmKN1Vp-U,5680..autocommand/autoco

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\autocommand-2.2.2.dist-info\WHEEL

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	92
Entropy (8bit):	4.842566724466667
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlViJR4KgP+tPCCfA5S:RtBMwlVifAWBBf
MD5:	88F09A0EC874FD86ABCB9BC4E265B874
SHA1:	786AB44FFD2F5C632B4DC5C1BF4AA2E91E579A05
SHA-256:	DB07A93359E4E034B8785A58AD6D534EA3DCA0635F1E184EFE2E66E1C3A299BA
SHA-512:	7FFEF1EC782D590D2879294C2895A5A8064ECD5FE7243CF602FCCE66A8A715F64436F17CE96070B613123847EE0C18AB0AA5BC87DB13E98A792DC07DD95E4BAB
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.38.4).Root-Is-Purelib: true.Tag: py3-none-any..

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\autocommand-2.2.2.dist-info\top_level.txt

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	12
Entropy (8bit):	3.084962500721156
Encrypted:	false
SSDEEP:	3:5EEln:aM
MD5:	C3FBD7931840D987F261BEBA8C77C4D2
SHA1:	F7EE740BCB5C39966173CC377817A157D55844F7
SHA-256:	0337E180A292F04740C16513485F2681E5506D7398F64A241C1EA44AAC30AAED
SHA-512:	E1FA2DE0EE416AE68C57A0173C82D42A8F24DDD1E5143A1B76A3743B5EC3DDF11FB3950F27469D3D8FCAC4958CE267A7321D2F888671EDD7C2E95D0F3F8F7455
Malicious:	false
Preview:	autocommand.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\backports.tarfile-1.2.0.dist-info\INSTALLER

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\backports.tarfile-1.2.0.dist-info\LICENSE

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1023
Entropy (8bit):	5.059832621894572
Encrypted:	false
SSDEEP:	24:OrmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:OaJ8YHvEH5QHOs5exm3oEFJ
MD5:	141643E11C48898150DAA83802DBC65F
SHA1:	0445ED0F69910EEAEE036F09A39A13C6E1F37E12
SHA-256:	86DA0F01AEAE46348A3C3D465195DC1CECCDE79F79E87769A64B8DA04B2A4741
SHA-512:	EF62311602B466397BAF0B23CACA66114F8838F9E78E1B067787CEB709D09E0530E85A47BBCD4C5A0905B74FDB30DF0CC640910C6CC2E67886E5B18794A3583F
Malicious:	false
Preview:	Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEA

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\backports.tarfile-1.2.0.dist-info\METADATA

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	2020
Entropy (8bit):	5.0469065437932175
Encrypted:	false
SSDEEP:	48:DfdqaaC3P1xe9okGw1w8wQwywbM0kvsJib0ts++kv0gMzvy0htC+heU01:DfdqaaC/12G2bHZokO+/36
MD5:	18B352E2051962B9F65C33BC651426BF
SHA1:	3DD8D93CF7695D1C9D7574751AB5B0DEE5DD7F9A
SHA-256:	8215C54EAD77D9DC5A108A25C6BDC72B5999AA6F62C9499A440359412AFA5A51
SHA-512:	D966BC2899079C0D9AC763C96EA59A550E00A54BDCEEB6D96B0A8CAA9F6A1C408E7E3946915432978EDE9EDF669EEC68035A55B094B69671A28428458760D99E
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: backports.tarfile.Version: 1.2.0.Summary: Backport of CPython tarfile module.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Homepage, https://github.com/jaraco/backports.tarfile.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Provides-Extra: docs.Requires-Dist: sphinx >=3.5 ; extra == 'docs'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'docs'.Requires-Dist: rst.linker >=1.9 ; extra == 'docs'.Requires-Dist: furo ; extra == 'docs'.Requires-Dist: sphinx-lint ; extra == 'docs'.Provides-Extra: testing.Requires-Dist: pytest !=8.1.*,>=6 ; extra == 'testing'.Requires-Dist: pytest-checkdocs >=2.4 ; extra == 'testing'.Requires-Dist: pytest-cov ; extra == 'testing

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\backports.tarfile-1.2.0.dist-info\RECORD

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	5.753738299642538
Encrypted:	false
SSDEEP:	24:U6rn/2zDJ6rvbqfuG6rJnB6rU6rEsJYB6rXamx6rlCHmTKjaQliwxJlp5DQljQls:NnuXIzUurJwN5JjfAlqYK9liSlp5DQlP
MD5:	CF347AE8E31132435B127226F358F8CD
SHA1:	2C857B300638FF291651234BBB2C077BEEF494E4
SHA-256:	258A1F1C849E1175069A55A5D6CE357AFDD04E34CD5DE27093E4ACEC7A9D2CE1
SHA-512:	2A46C7FDFA2F9883BB1D761646B33BE9CE7B07280A5BF38992C1C84AB0449944EB0CAF34620CCC82DDBBC193F0D54AE67797D97863F70CA0C24EE55A3B401F9C
Malicious:	false
Preview:	backports.tarfile-1.2.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..backports.tarfile-1.2.0.dist-info/LICENSE,sha256=htoPAa6uRjSKPD1GUZXcHOzN55956HdppkuNoEsqR0E,1023..backports.tarfile-1.2.0.dist-info/METADATA,sha256=ghXFTq132dxaEIolxr3HK1mZqm9iyUmaRANZQSr6WlE,2020..backports.tarfile-1.2.0.dist-info/RECORD,,..backports.tarfile-1.2.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..backports.tarfile-1.2.0.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92..backports.tarfile-1.2.0.dist-info/top_level.txt,sha256=cGjaLMOoBR1FK0ApojtzWVmViTtJ7JGIK_HwXiEsvtU,10..backports/__init__.py,sha256=iOEMwnlORWezdO8-2vxBIPSR37D7JGjluZ8f55vzxls,81..backports/__pycache__/__init__.cpython-312.pyc,,..backports/tarfile/__init__.py,sha256=Pwf2qUIfB0SolJPCKcx3vz3UEu_aids4g4sAfxy94qg,108491..backports/tarfile/__main__.py,sha256=Yw2oGT1afrz2eBskzdPYL8ReB_3liApmhFkN2EbDmc4,59..backports/tarfile/__pycache__/__init__.cpython-312.pyc,,..back

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\backports.tarfile-1.2.0.dist-info\WHEEL

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	92
Entropy (8bit):	4.812622295095324
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlVlFxP+tPCCfA5S:RtBMwlVTxWBBf
MD5:	43136DDE7DD276932F6197BB6D676EF4
SHA1:	6B13C105452C519EA0B65AC1A975BD5E19C50122
SHA-256:	189EEDFE4581172C1B6A02B97A8F48A14C0B5BAA3239E4CA990FBD8871553714
SHA-512:	E7712BA7D36DEB083EBCC3B641AD3E7D19FB071EE64AE3A35AD6A50EE882B20CD2E60CA1319199DF12584FE311A6266EC74F96A3FB67E59F90C7B5909668AEE1
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\backports.tarfile-1.2.0.dist-info\top_level.txt

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	10
Entropy (8bit):	3.321928094887362
Encrypted:	false
SSDEEP:	3:21v:ev
MD5:	9BA458821AD258B6EF62B47E91302982
SHA1:	9EDB9E6BA5C4001CE2FCCF328739292404EA9604
SHA-256:	7068DA2CC3A8051D452B4029A23B73595995893B49EC91882BF1F05E212CBED5
SHA-512:	3A296E5DADD5B406330BA088BFED33BE6960F8FF42DB6651E185FF14F2272FC819EF520D1A15BC40DA4E20B9CA0E5D79170EDF33F3D50937C7FBEDB338CAC730
Malicious:	false
Preview:	backports.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\INSTALLER

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\LICENSE

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	11358
Entropy (8bit):	4.4267168336581415
Encrypted:	false
SSDEEP:	192:nU6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEn7HbHR:U9vlKM1zJlFvmNz5VrlkTS07Ht
MD5:	3B83EF96387F14655FC854DDC3C6BD57
SHA1:	2B8B815229AA8A61E483FB4BA0588B8B6C491890
SHA-256:	CFC7749B96F63BD31C3C42B5C471BF756814053E847C10F3EB003417BC523D30
SHA-512:	98F6B79B778F7B0A15415BD750C3A8A097D650511CB4EC8115188E115C47053FE700F578895C097051C9BC3DFB6197C2B13A15DE203273E1A3218884F86E90E8
Malicious:	false
Preview:	. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial own

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\METADATA

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4648
Entropy (8bit):	5.006900644756252
Encrypted:	false
SSDEEP:	96:Dx2ZSaCSmS8R902Vpnu386eLQ9Ac+fFZpDN00x2jZ2SBXZJSwTE:9Smzf02Vpnu386mQ9B+TP0vJHJSwTE
MD5:	98ABEAACC0E0E4FC385DFF67B607071A
SHA1:	E8C830D8B0942300C7C87B3B8FD15EA1396E07BD
SHA-256:	6A7B90EFFEE1E09D5B484CDF7232016A43E2D9CC9543BCBB8E494B1EC05E1F59
SHA-512:	F1D59046FFA5B0083A5259CEB03219CCDB8CC6AAC6247250CBD83E70F080784391FCC303F7630E1AD40E5CCF5041A57CB9B68ADEFEC1EBC6C31FCF7FFC65E9B7
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: importlib_metadata.Version: 8.0.0.Summary: Read metadata from Python packages.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Source, https://github.com/python/importlib_metadata.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: zipp >=0.5.Requires-Dist: typing-extensions >=3.6.4 ; python_version < "3.8".Provides-Extra: doc.Requires-Dist: sphinx >=3.5 ; extra == 'doc'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'doc'.Requires-Dist: rst.linker >=1.9 ; extra == 'doc'.Requires-Dist: furo ; extra == 'doc'.Requires-Dist: sphinx-lint ; extra == 'doc'.Requires-Dist: jaraco.tidelift >=1.4 ; extra == 'doc'.Provides-Extra: perf.Requires-D

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\RECORD

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2518
Entropy (8bit):	5.6307766747793275
Encrypted:	false
SSDEEP:	48:UnuXTg06U5J/Vw9l/gfNX7/XzBk9pvJq/fwJOfYrBfnJ/V0XJnzN/3WJV:bXzP/EgdzzBkDJsoIYrBfJ/CXNz9qV
MD5:	EB513CAFA5226DDA7D54AFDCC9AD8A74
SHA1:	B394C7AEC158350BAF676AE3197BEF4D7158B31C
SHA-256:	0D8D3C6EEB9EBBE86CAC7D60861552433C329DA9EA51248B61D02BE2E5E64030
SHA-512:	A0017CFAFF47FDA6067E3C31775FACEE4728C3220C2D4BD70DEF328BD20AA71A343E39DA15CD6B406F62311894C518DFCF5C8A4AE6F853946F26A4B4E767924E
Malicious:	false
Preview:	importlib_metadata-8.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..importlib_metadata-8.0.0.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358..importlib_metadata-8.0.0.dist-info/METADATA,sha256=anuQ7_7h4J1bSEzfcjIBakPi2cyVQ7y7jklLHsBeH1k,4648..importlib_metadata-8.0.0.dist-info/RECORD,,..importlib_metadata-8.0.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..importlib_metadata-8.0.0.dist-info/WHEEL,sha256=mguMlWGMX-VHnMpKOjjQidIo1ssRlCFu4a4mBpz1s2M,91..importlib_metadata-8.0.0.dist-info/top_level.txt,sha256=CO3fD9yylANiXkrMo4qHLV_mqXL2sC5JFKgt1yWAT-A,19..importlib_metadata/__init__.py,sha256=tZNB-23h8Bixi9uCrQqj9Yf0aeC--Josdy3IZRIQeB0,33798..importlib_metadata/__pycache__/__init__.cpython-312.pyc,,..importlib_metadata/__pycache__/_adapters.cpython-312.pyc,,..importlib_metadata/__pycache__/_collections.cpython-312.pyc,,..importlib_metadata/__pycache__/_compat.cpython-312.pyc,,..importlib_metadata/__pycac

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\WHEEL

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	91
Entropy (8bit):	4.687870576189661
Encrypted:	false
SSDEEP:	3:RtEeXMRYFAVLMvhRRP+tPCCfA5S:RtC1VLMvhjWBBf
MD5:	7D09837492494019EA51F4E97823D79F
SHA1:	7829B4324BB542799494131A270EC3BDAD4DEDEF
SHA-256:	9A0B8C95618C5FE5479CCA4A3A38D089D228D6CB1194216EE1AE26069CF5B363
SHA-512:	A0063220ECDD22C3E735ACFF6DE559ACF3AC4C37B81D37633975A22A28B026F1935CD1957C0FF7D2ECC8B7F83F250310795EECC5273B893FFAB115098F7B9C38
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: setuptools (70.1.1).Root-Is-Purelib: true.Tag: py3-none-any..

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\top_level.txt

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	19
Entropy (8bit):	3.536886723742169
Encrypted:	false
SSDEEP:	3:JSej0EBERG:50o4G
MD5:	A24465F7850BA59507BF86D89165525C
SHA1:	4E61F9264DE74783B5924249BCFE1B06F178B9AD
SHA-256:	08EDDF0FDCB29403625E4ACCA38A872D5FE6A972F6B02E4914A82DD725804FE0
SHA-512:	ECF1F6B777970F5257BDDD353305447083008CEBD8E5A27C3D1DA9C7BDC3F9BF3ABD6881265906D6D5E11992653185C04A522F4DB5655FF75EEDB766F93D5D48
Malicious:	false
Preview:	importlib_metadata.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\importlib_resources-6.4.0.dist-info\INSTALLER

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\importlib_resources-6.4.0.dist-info\LICENSE

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	11358
Entropy (8bit):	4.4267168336581415
Encrypted:	false
SSDEEP:	192:nU6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEn7HbHR:U9vlKM1zJlFvmNz5VrlkTS07Ht
MD5:	3B83EF96387F14655FC854DDC3C6BD57
SHA1:	2B8B815229AA8A61E483FB4BA0588B8B6C491890
SHA-256:	CFC7749B96F63BD31C3C42B5C471BF756814053E847C10F3EB003417BC523D30
SHA-512:	98F6B79B778F7B0A15415BD750C3A8A097D650511CB4EC8115188E115C47053FE700F578895C097051C9BC3DFB6197C2B13A15DE203273E1A3218884F86E90E8
Malicious:	false
Preview:	. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial own

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\importlib_resources-6.4.0.dist-info\METADATA

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	3944
Entropy (8bit):	5.015824473130961
Encrypted:	false
SSDEEP:	96:DHxQuiTaCP1nTGDbHRbnzQWHaiQq+fT5lWp8sSwTW:2PP9GDbHRbnp+rapPSwTW
MD5:	C3EB48CD13B50DDED7CD524E1E9DD4CE
SHA1:	7C9B0B50D0E667825DAB09902AD8376A5F2945B6
SHA-256:	83878CD8BB8BD0E89971454D0F4AB00C9529136F603AFB4EDC148F5D36CEF459
SHA-512:	056EBC250B7E82F91B5C5E96B1293F24D5E917E06846A9716A4D05B47C30FEB3781E439C77876CF7D8620BEBAA4A253039CA8DF122283DE304992E340F4DE8BF
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: importlib_resources.Version: 6.4.0.Summary: Read resources from Python packages.Home-page: https://github.com/python/importlib_resources.Author: Barry Warsaw.Author-email: barry@python.org.Project-URL: Documentation, https://importlib-resources.readthedocs.io/.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.License-File: LICENSE.Requires-Dist: zipp >=3.1.0 ; python_version < "3.10".Provides-Extra: docs.Requires-Dist: sphinx >=3.5 ; extra == 'docs'.Requires-Dist: sphinx <7.2.5 ; extra == 'docs'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'docs'.Requires-Dist: rst.linker >=1.9 ; extra == 'docs'.Requires-Dist: furo ; extra == 'docs'.Requires-Dist: sphinx-lint ; extra == 'docs'.Requires-Dist: jaraco.tidelift >=1.4 ; ext

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\importlib_resources-6.4.0.dist-info\RECORD

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	7620
Entropy (8bit):	5.560551717923108
Encrypted:	false
SSDEEP:	192:lX7qdX7ZgsP7JtILSVAn5V26+XuVYmBXx:lX7wX7ZBP7ELSVAni6+iBh
MD5:	67F5E26385B6BDCF2236A005A2D2BA32
SHA1:	3DCD8685638A90D121FD484138AFCAC9775E5D66
SHA-256:	967DD56FEEA143F1D2C4E98AC1F937C055E61C9AA0425146D55F7AD7C82510FA
SHA-512:	30B5812E930A00A476E570EBCC4611D54C911A8B1E4646949A887F551FC5ABDC933311A554B197C602F0DA7626DFE8877A3F267EFBC6D724E24A3E9B5FCC2E30
Malicious:	false
Preview:	importlib_resources-6.4.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..importlib_resources-6.4.0.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358..importlib_resources-6.4.0.dist-info/METADATA,sha256=g4eM2LuL0OiZcUVND0qwDJUpE29gOvtO3BSPXTbO9Fk,3944..importlib_resources-6.4.0.dist-info/RECORD,,..importlib_resources-6.4.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..importlib_resources-6.4.0.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92..importlib_resources-6.4.0.dist-info/top_level.txt,sha256=fHIjHU1GZwAjvcydpmUnUrTnbvdiWjG4OEVZK8by0TQ,20..importlib_resources/__init__.py,sha256=uyp1kzYR6SawQBsqlyaXXfIxJx4Z2mM8MjmZn8qq2Gk,505..importlib_resources/__pycache__/__init__.cpython-312.pyc,,..importlib_resources/__pycache__/_adapters.cpython-312.pyc,,..importlib_resources/__pycache__/_common.cpython-312.pyc,,..importlib_resources/__pycache__/_itertools.cpython-312.pyc,,..importlib_resource

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\importlib_resources-6.4.0.dist-info\WHEEL

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	92
Entropy (8bit):	4.812622295095324
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlVlFxP+tPCCfA5S:RtBMwlVTxWBBf
MD5:	43136DDE7DD276932F6197BB6D676EF4
SHA1:	6B13C105452C519EA0B65AC1A975BD5E19C50122
SHA-256:	189EEDFE4581172C1B6A02B97A8F48A14C0B5BAA3239E4CA990FBD8871553714
SHA-512:	E7712BA7D36DEB083EBCC3B641AD3E7D19FB071EE64AE3A35AD6A50EE882B20CD2E60CA1319199DF12584FE311A6266EC74F96A3FB67E59F90C7B5909668AEE1
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\importlib_resources-6.4.0.dist-info\top_level.txt

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	20
Entropy (8bit):	3.6841837197791887
Encrypted:	false
SSDEEP:	3:JSe8AW6D:3fD
MD5:	0613840F692BD9E064FEDD915DFD477A
SHA1:	64DF38B36F541BA1714C15FCA1A9CA8C94EF2DAA
SHA-256:	7C72231D4D46670023BDCC9DA6652752B4E76EF7625A31B83845592BC6F2D134
SHA-512:	78AA888C24B3468C94FCB8EB882561D4B6F19A0537A4CFDDDFF94ED8A4BAFE8DF0C2B620E70B57A61E8BA3F877856DB9ADA548DFCA8CAE86D4C3C525A4E9B7EB
Malicious:	false
Preview:	importlib_resources.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\inflect-7.3.1.dist-info\INSTALLER

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\inflect-7.3.1.dist-info\LICENSE

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1023
Entropy (8bit):	5.059832621894572
Encrypted:	false
SSDEEP:	24:OrmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:OaJ8YHvEH5QHOs5exm3oEFJ
MD5:	141643E11C48898150DAA83802DBC65F
SHA1:	0445ED0F69910EEAEE036F09A39A13C6E1F37E12
SHA-256:	86DA0F01AEAE46348A3C3D465195DC1CECCDE79F79E87769A64B8DA04B2A4741
SHA-512:	EF62311602B466397BAF0B23CACA66114F8838F9E78E1B067787CEB709D09E0530E85A47BBCD4C5A0905B74FDB30DF0CC640910C6CC2E67886E5B18794A3583F
Malicious:	false
Preview:	Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEA

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\inflect-7.3.1.dist-info\METADATA

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	21079
Entropy (8bit):	5.103530371859935
Encrypted:	false
SSDEEP:	384:12Vpnu38/2K9tjUaNtT/yTCtYTnWDdg3GaXb51KLVgWTVPeEGsuPrAESM:12Vpnu38JZtT/yIdg3D51KLV7RPeEGs+
MD5:	1A287FAF08B125BC7C932AAD05E7DAEE
SHA1:	C37042ADC0D1270485F4B8B5B9E085A274DC035B
SHA-256:	66030D634580651B3E53CC19895D9231F8D22AA06B327817C8332CFC20303308
SHA-512:	D0BB0AD27A17007DF7D3281FB2F46EFB048B69532D082AB1D431E0BA28E592D897687708B4EC972F4BC21EDA29DDDDC9EF44BB950DFC4FFB03EA75CDA4DE414C
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: inflect.Version: 7.3.1.Summary: Correctly generate plurals, singular nouns, ordinals, indefinite articles.Author-email: Paul Dyson <pwdyson@yahoo.com>.Maintainer-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Source, https://github.com/jaraco/inflect.Keywords: plural,inflect,participle.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Natural Language :: English.Classifier: Operating System :: OS Independent.Classifier: Topic :: Software Development :: Libraries :: Python Modules.Classifier: Topic :: Text Processing :: Linguistic.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: more-itertools >=8.5.0.Requires-Dist: typeguard >=4.0.1.Requires-Dist: typing-extensions ; python_version < "3.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\inflect-7.3.1.dist-info\RECORD

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	943
Entropy (8bit):	5.828988691860191
Encrypted:	false
SSDEEP:	24:IVn/2zDPvbqfuIpBntmuIcjlM+sVGXdbkDcnJopDvDK16bZWJV:unuXPzUuIpRtmuZjl9sVQgcnJo9bK16E
MD5:	C837BB3258448B7FCC6B77559C7F17B6
SHA1:	B15701449CD64A13756A70AD3704E26DB1FF416B
SHA-256:	5D7834AC1BA2612C6801050FDE57A7B98B0F36ACF88C3C2D4F376FD8911B3091
SHA-512:	2333CD86502C51607414390ECF43BD6D62E863D3DFB0501DAD3A8B45F5F4DFA81F910917183FC4F4A0DEEC82C8F8B3CF8D5B0A2C136DEB164226BABE68B74A33
Malicious:	false
Preview:	inflect-7.3.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..inflect-7.3.1.dist-info/LICENSE,sha256=htoPAa6uRjSKPD1GUZXcHOzN55956HdppkuNoEsqR0E,1023..inflect-7.3.1.dist-info/METADATA,sha256=ZgMNY0WAZRs-U8wZiV2SMfjSKqBrMngXyDMs_CAwMwg,21079..inflect-7.3.1.dist-info/RECORD,,..inflect-7.3.1.dist-info/WHEEL,sha256=y4mX-SOX4fYIkonsAGA5N0Oy-8_gI4FXw5HNI1xqvWg,91..inflect-7.3.1.dist-info/top_level.txt,sha256=m52ujdp10CqT6jh1XQxZT6kEntcnv-7Tl7UiGNTzWZA,8..inflect/__init__.py,sha256=Jxy1HJXZiZ85kHeLAhkmvz6EMTdFqBe-duvt34R6IOc,103796..inflect/__pycache__/__init__.cpython-312.pyc,,..inflect/compat/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..inflect/compat/__pycache__/__init__.cpython-312.pyc,,..inflect/compat/__pycache__/py38.cpython-312.pyc,,..inflect/compat/py38.py,sha256=oObVfVnWX9_OpnOuEJn1mFbJxVhwyR5epbiTNXDDaso,160..inflect/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\inflect-7.3.1.dist-info\WHEEL

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	91
Entropy (8bit):	4.7098485981676825
Encrypted:	false
SSDEEP:	3:RtEeXMRYFAVLKSgP+tPCCfA5S:RtC1VLKZWBBf
MD5:	EB46A94D39AC40E2EEA4A32729E0C8C3
SHA1:	E42EF49A7098269E1934932ECC3174B40967982A
SHA-256:	CB8997F92397E1F6089289EC0060393743B2FBCFE0238157C391CD235C6ABD68
SHA-512:	D89F0DA16AA37AAFAC0DE56A3DFBD72DC3C9DCC53C8E455094E7230DB21ABF95ED76EAC1848A4156DB422B9C10BE136201D871DCCB73AD38192E5536E41DBDFE
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: setuptools (70.2.0).Root-Is-Purelib: true.Tag: py3-none-any..

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\inflect-7.3.1.dist-info\top_level.txt

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	8
Entropy (8bit):	3.0
Encrypted:	false
SSDEEP:	3:KDpJ:K9J
MD5:	4571281D24750CBE7638EFE250E342AB
SHA1:	61E8A0AD5796F1CA67EAB0D8108A6402483D499B
SHA-256:	9B9DAE8DDA75D02A93EA38755D0C594FA9049ED727BFEED397B52218D4F35990
SHA-512:	E7807002E53CC228D6EFB307E928C6737796B29E31D25A342ED407F556FFBF540494FE92C27B5C31043D2D7FF427C78A29C4FF5595BC11BB643003026642254E
Malicious:	false
Preview:	inflect.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.collections-5.1.0.dist-info\INSTALLER

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.collections-5.1.0.dist-info\LICENSE

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1023
Entropy (8bit):	5.059832621894572
Encrypted:	false
SSDEEP:	24:OrmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:OaJ8YHvEH5QHOs5exm3oEFJ
MD5:	141643E11C48898150DAA83802DBC65F
SHA1:	0445ED0F69910EEAEE036F09A39A13C6E1F37E12
SHA-256:	86DA0F01AEAE46348A3C3D465195DC1CECCDE79F79E87769A64B8DA04B2A4741
SHA-512:	EF62311602B466397BAF0B23CACA66114F8838F9E78E1B067787CEB709D09E0530E85A47BBCD4C5A0905B74FDB30DF0CC640910C6CC2E67886E5B18794A3583F
Malicious:	false
Preview:	Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEA

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.collections-5.1.0.dist-info\METADATA

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	3933
Entropy (8bit):	4.993707893382395
Encrypted:	false
SSDEEP:	96:D0duaC9zmnEh2S8xI0+4np+A+fbl7inVgQJSwT2:qq9KnEh2zxI0+4npn+zlmn+QJSwT2
MD5:	C9BA49C9B82CEFCCAC79CB5B76BCB1EE
SHA1:	AC0DB25AEFD2679B4C3265E713D00F6155A94465
SHA-256:	20C51A96236C0395F53B1F4C5D458E6A0721E51E16C1BFF733B7ABA76F5D06D8
SHA-512:	563C3BEC6FB8D137357130BADCB63A229A18A781B05E2F006F4A42AF7C9052D23D266908DA2E62FF283C9BA7BAA9B6CB6FB32A1999CB07F63471CA43003A34C0
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: jaraco.collections.Version: 5.1.0.Summary: Collection objects similar to those in stdlib by jaraco.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Source, https://github.com/jaraco/jaraco.collections.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: jaraco.text.Provides-Extra: check.Requires-Dist: pytest-checkdocs >=2.4 ; extra == 'check'.Requires-Dist: pytest-ruff >=0.2.1 ; (sys_platform != "cygwin") and extra == 'check'.Provides-Extra: cover.Requires-Dist: pytest-cov ; extra == 'cover'.Provides-Extra: doc.Requires-Dist: sphinx >=3.5 ; extra == 'doc'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'doc'.Requires-Dist: rst.linker >=1.9 ; extra

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.collections-5.1.0.dist-info\RECORD

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	873
Entropy (8bit):	5.770829319764291
Encrypted:	false
SSDEEP:	24:T9bn/2zDabvbqfunb1AO5bGYbEsJvbp1blKzmKmJaaX9WJV:T9bnuXabzUunb1AgbBb5Jvbp1blscWJV
MD5:	0463062305AC30E7F3D6AB12DA825D90
SHA1:	AC83602461BF535C78EB4CCC13AB103C12110D57
SHA-256:	1E9B62BD70E4A5FA26E9594CBB80860FFECA3DEBFEE8773DAEFA774CD259CA06
SHA-512:	8F617D9A2DA41BDC8591D9EA9F2DBE79D7C5816BA7A94D4044AFF2A0504C9738E83FFCAA350CEF20764D430C261C9DC17DBB5E4ABB7AE54C3BE8715C8AD6BB71
Malicious:	false
Preview:	jaraco.collections-5.1.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..jaraco.collections-5.1.0.dist-info/LICENSE,sha256=htoPAa6uRjSKPD1GUZXcHOzN55956HdppkuNoEsqR0E,1023..jaraco.collections-5.1.0.dist-info/METADATA,sha256=IMUaliNsA5X1Ox9MXUWOagch5R4Wwb_3M7erp29dBtg,3933..jaraco.collections-5.1.0.dist-info/RECORD,,..jaraco.collections-5.1.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..jaraco.collections-5.1.0.dist-info/WHEEL,sha256=Mdi9PDNwEZptOjTlUcAth7XJDFtKrHYaQMPulZeBCiQ,91..jaraco.collections-5.1.0.dist-info/top_level.txt,sha256=0JnN3LfXH4LIRfXL-QFOGCJzQWZO3ELx4R1d_louoQM,7..jaraco/collections/__init__.py,sha256=Pc1-SqjWm81ad1P0-GttpkwO_LWlnaY6gUq8gcKh2v0,26640..jaraco/collections/__pycache__/__init__.cpython-312.pyc,,..jaraco/collections/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.collections-5.1.0.dist-info\WHEEL

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	91
Entropy (8bit):	4.696166043246402
Encrypted:	false
SSDEEP:	3:RtEeXMRYFAWWHKRRP+tPCCfA5S:RtC1qjWBBf
MD5:	6FBE8610D7E48CA32AE774804C4A0B19
SHA1:	102D23C4ECB17ED83A6E43888B45FF2BBFE93E0B
SHA-256:	31D8BD3C3370119A6D3A34E551C02D87B5C90C5B4AAC761A40C3EE9597810A24
SHA-512:	78738099EC5B31FDEE5AE50F7840F17EFD526588835157CADF4249882462B1AF2E3BEDB77801A9FCB1D22A8FD41AA6A934B382F3E66309723D0E7F93C2F2868A
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: setuptools (73.0.1).Root-Is-Purelib: true.Tag: py3-none-any..

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.collections-5.1.0.dist-info\top_level.txt

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	7
Entropy (8bit):	2.5216406363433186
Encrypted:	false
SSDEEP:	3:GEG0:GEG0
MD5:	0BA8D736B7B4AB182687318B0497E61E
SHA1:	311BA5FFD098689179F299EF20768EE1A29F586D
SHA-256:	D099CDDCB7D71F82C845F5CBF9014E18227341664EDC42F1E11D5DFE5A2EA103
SHA-512:	7CCCBB4AFA2FADE40D529482301BEAE152E0C71EE3CC41736EB19E35CFC5EE3B91EF958CF5CA6B7330333B8494FEB6682FD833D5AA16BF4A8F1F721FD859832C
Malicious:	false
Preview:	jaraco.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.context-5.3.0.dist-info\INSTALLER

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.context-5.3.0.dist-info\LICENSE

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1023
Entropy (8bit):	5.059832621894572
Encrypted:	false
SSDEEP:	24:OrmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:OaJ8YHvEH5QHOs5exm3oEFJ
MD5:	141643E11C48898150DAA83802DBC65F
SHA1:	0445ED0F69910EEAEE036F09A39A13C6E1F37E12
SHA-256:	86DA0F01AEAE46348A3C3D465195DC1CECCDE79F79E87769A64B8DA04B2A4741
SHA-512:	EF62311602B466397BAF0B23CACA66114F8838F9E78E1B067787CEB709D09E0530E85A47BBCD4C5A0905B74FDB30DF0CC640910C6CC2E67886E5B18794A3583F
Malicious:	false
Preview:	Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEA

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.context-5.3.0.dist-info\METADATA

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text, with very long lines (406)
Category:	dropped
Size (bytes):	4020
Entropy (8bit):	4.99859161164956
Encrypted:	false
SSDEEP:	96:D6P4YaCP1gGRbHneRohWYc+f/PCnG9rulJQ84UNxCUSwTcL:kPqGRbHneRohWJ+XPaqylW/USwTcL
MD5:	812F27A7C8C748351DC1643D58B6B250
SHA1:	AC9C92013B2F0FC65D741B32A9FE4B956DD6EB7D
SHA-256:	C43B60B897A3D2D37D8845C252FC44261D9AEF171E21154111A9012D2AFFFED6
SHA-512:	CAC62C3682F808D85233B69F1C142B5A0E95E316E4BDCBC6EE253583EC302FA42E635BAB6A837327D8CE5D26C08C8DCD9E45D5CFDD8346B4501C473250D66953
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: jaraco.context.Version: 5.3.0.Summary: Useful decorators and context managers.Home-page: https://github.com/jaraco/jaraco.context.Author: Jason R. Coombs.Author-email: jaraco@jaraco.com.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.License-File: LICENSE.Requires-Dist: backports.tarfile ; python_version < "3.12".Provides-Extra: docs.Requires-Dist: sphinx >=3.5 ; extra == 'docs'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'docs'.Requires-Dist: rst.linker >=1.9 ; extra == 'docs'.Requires-Dist: furo ; extra == 'docs'.Requires-Dist: sphinx-lint ; extra == 'docs'.Requires-Dist: jaraco.tidelift >=1.4 ; extra == 'docs'.Provides-Extra: testing.Requires-Dist: pytest !=8.1.1,>=6 ; extra == 'testing'.Requires-Dist: pytest-checkdocs >=2.4

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.context-5.3.0.dist-info\RECORD

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	641
Entropy (8bit):	5.76835538630355
Encrypted:	false
SSDEEP:	12:TGA0a/2zDJAv/TnqfQlWJAL/fy9vKAGvAXCaaryBAl2VrkEQCXvbAT2r1S:TBn/2zDCvbqfuLO9FGoXamalKSCXzB1S
MD5:	2B0A77624AE3903E42C3A8213E593796
SHA1:	D63027FF018995D0620E2497BCE9678888A57667
SHA-256:	55197B88A78443297BB2D827A75BAAE740B33896251D872835D4B4C75EC2F57E
SHA-512:	C02FB1554F8F40158BB60F2B4EC07D80F71CFBFFB38463C5809385A7A2FF8DDB2BDFEFE9AE5E67F4DEC3D904A6E0925E565B0EE6363DD0C2ED5B03A96B056B18
Malicious:	false
Preview:	jaraco.context-5.3.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..jaraco.context-5.3.0.dist-info/LICENSE,sha256=htoPAa6uRjSKPD1GUZXcHOzN55956HdppkuNoEsqR0E,1023..jaraco.context-5.3.0.dist-info/METADATA,sha256=xDtguJej0tN9iEXCUvxEJh2a7xceIRVBEakBLSr__tY,4020..jaraco.context-5.3.0.dist-info/RECORD,,..jaraco.context-5.3.0.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92..jaraco.context-5.3.0.dist-info/top_level.txt,sha256=0JnN3LfXH4LIRfXL-QFOGCJzQWZO3ELx4R1d_louoQM,7..jaraco/__pycache__/context.cpython-312.pyc,,..jaraco/context.py,sha256=REoLIxDkO5MfEYowt_WoupNCRoxBS5v7YX2PbW8lIcs,9552..

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.context-5.3.0.dist-info\WHEEL

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	92
Entropy (8bit):	4.812622295095324
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlVlFxP+tPCCfA5S:RtBMwlVTxWBBf
MD5:	43136DDE7DD276932F6197BB6D676EF4
SHA1:	6B13C105452C519EA0B65AC1A975BD5E19C50122
SHA-256:	189EEDFE4581172C1B6A02B97A8F48A14C0B5BAA3239E4CA990FBD8871553714
SHA-512:	E7712BA7D36DEB083EBCC3B641AD3E7D19FB071EE64AE3A35AD6A50EE882B20CD2E60CA1319199DF12584FE311A6266EC74F96A3FB67E59F90C7B5909668AEE1
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.context-5.3.0.dist-info\top_level.txt

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	7
Entropy (8bit):	2.5216406363433186
Encrypted:	false
SSDEEP:	3:GEG0:GEG0
MD5:	0BA8D736B7B4AB182687318B0497E61E
SHA1:	311BA5FFD098689179F299EF20768EE1A29F586D
SHA-256:	D099CDDCB7D71F82C845F5CBF9014E18227341664EDC42F1E11D5DFE5A2EA103
SHA-512:	7CCCBB4AFA2FADE40D529482301BEAE152E0C71EE3CC41736EB19E35CFC5EE3B91EF958CF5CA6B7330333B8494FEB6682FD833D5AA16BF4A8F1F721FD859832C
Malicious:	false
Preview:	jaraco.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.functools-4.0.1.dist-info\INSTALLER

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.functools-4.0.1.dist-info\LICENSE

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1023
Entropy (8bit):	5.059832621894572
Encrypted:	false
SSDEEP:	24:OrmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:OaJ8YHvEH5QHOs5exm3oEFJ
MD5:	141643E11C48898150DAA83802DBC65F
SHA1:	0445ED0F69910EEAEE036F09A39A13C6E1F37E12
SHA-256:	86DA0F01AEAE46348A3C3D465195DC1CECCDE79F79E87769A64B8DA04B2A4741
SHA-512:	EF62311602B466397BAF0B23CACA66114F8838F9E78E1B067787CEB709D09E0530E85A47BBCD4C5A0905B74FDB30DF0CC640910C6CC2E67886E5B18794A3583F
Malicious:	false
Preview:	Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEA

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.functools-4.0.1.dist-info\METADATA

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	2891
Entropy (8bit):	5.034580807599395
Encrypted:	false
SSDEEP:	48:DEmbsaC3J1x9Ie9okNGwQw8wQw2wTw0zCPU0+I65Jib0H++kv0gM5d0DT+heU04u:DEmgaCZ1nTGDbHRAnzpI6o+fX5dFSwTm
MD5:	C2E6BDA7F1B03B39BF42D31B6DBF6C38
SHA1:	B7A18F079DE22D10C4C318E54BD8C48177F91333
SHA-256:	8B86946900D7FA38DD1102B9C1EBE17A0CB1F09C8B7E29F61F2BDA4A4DC51ECA
SHA-512:	F4E892B3D41482E3B17642B1D722B6E2A8E8DD4833F0623C29ED2D50D55CFC68DA1F9756B4E08723DC89F3E552424096C92912AC4DA533FE8E2DC59DC19EA9CF
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: jaraco.functools.Version: 4.0.1.Summary: Functools like those found in stdlib.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Homepage, https://github.com/jaraco/jaraco.functools.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: more-itertools.Provides-Extra: docs.Requires-Dist: sphinx >=3.5 ; extra == 'docs'.Requires-Dist: sphinx <7.2.5 ; extra == 'docs'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'docs'.Requires-Dist: rst.linker >=1.9 ; extra == 'docs'.Requires-Dist: furo ; extra == 'docs'.Requires-Dist: sphinx-lint ; extra == 'docs'.Requires-Dist: jaraco.tidelift >=1.4 ; extra == 'docs'.Provides-Extra: testing.Requires-Dist: pytest >=6 ;

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.functools-4.0.1.dist-info\RECORD

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	843
Entropy (8bit):	5.807846597836061
Encrypted:	false
SSDEEP:	24:Tmn/2zDRvbqfuggoaGnXamZlKZBX3vpBvt+c0X4yWJV:TmnuXRzUuggDifZlmX/aWJV
MD5:	85FB54BAFB143CD57D1787F7EF74FDB2
SHA1:	A915BBCDF108A58F3DFC1783D9D4DD3B7F3CE23A
SHA-256:	632AA7C04F7C4BCC01C027AF5B9BC76FE8958F4A181035B957A3BD3014BA248B
SHA-512:	2A39B4C6F221F88EC61D584C8CD3CAD358E8C7B50E529192105A0A4144ED3C2A4CE8B630C39C18D20E27FE226A23E2DE23CDFF8E3D3693959B165A9A2F9047CD
Malicious:	false
Preview:	jaraco.functools-4.0.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..jaraco.functools-4.0.1.dist-info/LICENSE,sha256=htoPAa6uRjSKPD1GUZXcHOzN55956HdppkuNoEsqR0E,1023..jaraco.functools-4.0.1.dist-info/METADATA,sha256=i4aUaQDX-jjdEQK5wevhegyx8JyLfin2HyvaSk3FHso,2891..jaraco.functools-4.0.1.dist-info/RECORD,,..jaraco.functools-4.0.1.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92..jaraco.functools-4.0.1.dist-info/top_level.txt,sha256=0JnN3LfXH4LIRfXL-QFOGCJzQWZO3ELx4R1d_louoQM,7..jaraco/functools/__init__.py,sha256=hEAJaS2uSZRuF_JY4CxCHIYh79ZpxaPp9OiHyr9EJ1w,16642..jaraco/functools/__init__.pyi,sha256=gk3dsgHzo5F_U74HzAvpNivFAPCkPJ1b2-yCd62dfnw,3878..jaraco/functools/__pycache__/__init__.cpython-312.pyc,,..jaraco/functools/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.functools-4.0.1.dist-info\WHEEL

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	92
Entropy (8bit):	4.812622295095324
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlVlFxP+tPCCfA5S:RtBMwlVTxWBBf
MD5:	43136DDE7DD276932F6197BB6D676EF4
SHA1:	6B13C105452C519EA0B65AC1A975BD5E19C50122
SHA-256:	189EEDFE4581172C1B6A02B97A8F48A14C0B5BAA3239E4CA990FBD8871553714
SHA-512:	E7712BA7D36DEB083EBCC3B641AD3E7D19FB071EE64AE3A35AD6A50EE882B20CD2E60CA1319199DF12584FE311A6266EC74F96A3FB67E59F90C7B5909668AEE1
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.functools-4.0.1.dist-info\top_level.txt

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	7
Entropy (8bit):	2.5216406363433186
Encrypted:	false
SSDEEP:	3:GEG0:GEG0
MD5:	0BA8D736B7B4AB182687318B0497E61E
SHA1:	311BA5FFD098689179F299EF20768EE1A29F586D
SHA-256:	D099CDDCB7D71F82C845F5CBF9014E18227341664EDC42F1E11D5DFE5A2EA103
SHA-512:	7CCCBB4AFA2FADE40D529482301BEAE152E0C71EE3CC41736EB19E35CFC5EE3B91EF958CF5CA6B7330333B8494FEB6682FD833D5AA16BF4A8F1F721FD859832C
Malicious:	false
Preview:	jaraco.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.text-3.12.1.dist-info\INSTALLER

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.text-3.12.1.dist-info\LICENSE

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1023
Entropy (8bit):	5.059832621894572
Encrypted:	false
SSDEEP:	24:OrmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:OaJ8YHvEH5QHOs5exm3oEFJ
MD5:	141643E11C48898150DAA83802DBC65F
SHA1:	0445ED0F69910EEAEE036F09A39A13C6E1F37E12
SHA-256:	86DA0F01AEAE46348A3C3D465195DC1CECCDE79F79E87769A64B8DA04B2A4741
SHA-512:	EF62311602B466397BAF0B23CACA66114F8838F9E78E1B067787CEB709D09E0530E85A47BBCD4C5A0905B74FDB30DF0CC640910C6CC2E67886E5B18794A3583F
Malicious:	false
Preview:	Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEA

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.text-3.12.1.dist-info\METADATA

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	3658
Entropy (8bit):	5.02710641474483
Encrypted:	false
SSDEEP:	96:DYMaCFS802Vpnu388Ksc+fIybwFiR8g6RSwTsL:pFz02Vpnu388KB+gybwgRd6RSwTsL
MD5:	70FE732EDE8F8E6C84DA4EA21D4933E5
SHA1:	A7763789FA56CEBBAA849368FAAC7D386F170399
SHA-256:	03359D9BA56231F0CE3E840C7CB5A7DB380141218949CCAA78DDBD4DCB965D52
SHA-512:	4C8D3D5078840BD4DBE20458EBF52890585C5911C22C3EFCE2FB28985461BC80469339DDAF6016FB099C84BDF9B41A26FF1884B456422A8D0C682104D7950D91
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: jaraco.text.Version: 3.12.1.Summary: Module for text manipulation.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Homepage, https://github.com/jaraco/jaraco.text.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: jaraco.functools.Requires-Dist: jaraco.context >=4.1.Requires-Dist: autocommand.Requires-Dist: inflect.Requires-Dist: more-itertools.Requires-Dist: importlib-resources ; python_version < "3.9".Provides-Extra: doc.Requires-Dist: sphinx >=3.5 ; extra == 'doc'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'doc'.Requires-Dist: rst.linker >=1.9 ; extra == 'doc'.Requires-Dist: furo ; extra == 'doc'.Requires-Dist: sphinx-lint ; extra == 'doc

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.text-3.12.1.dist-info\RECORD

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1500
Entropy (8bit):	5.794249493238335
Encrypted:	false
SSDEEP:	24:TkLFn/2zDVLFvbqfuaLFo2kXLFGnLFEsJiLFXamdLFlKbkZ6d3JpPXu/1XWXYXw2:TcnuXDzUuuCw5Jmfblyz3Jp2/NUsM0bN
MD5:	39FCCE64BC768C2046067E4AAD8465F0
SHA1:	2EFC0FC776576A8FE01BBACD0760A49EEE6481DA
SHA-256:	816D945741DCA246099388CA3EED74FC0667ACBAA36F70B559B2494C3979B1F6
SHA-512:	FB2335A6675F9CADEEE38B666FAB9EA1D8BFBA6B7768253D42F44149591A3239F4B2FA19DDF2C282DC7E47A01D7DCA69AADBBCDAC9107EDBCB2C22D11BA81287
Malicious:	false
Preview:	jaraco.text-3.12.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..jaraco.text-3.12.1.dist-info/LICENSE,sha256=htoPAa6uRjSKPD1GUZXcHOzN55956HdppkuNoEsqR0E,1023..jaraco.text-3.12.1.dist-info/METADATA,sha256=AzWdm6ViMfDOPoQMfLWn2zgBQSGJScyqeN29TcuWXVI,3658..jaraco.text-3.12.1.dist-info/RECORD,,..jaraco.text-3.12.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..jaraco.text-3.12.1.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92..jaraco.text-3.12.1.dist-info/top_level.txt,sha256=0JnN3LfXH4LIRfXL-QFOGCJzQWZO3ELx4R1d_louoQM,7..jaraco/text/Lorem ipsum.txt,sha256=N_7c_79zxOufBY9HZ3yzMgOkNv-TkOTTio4BydrSjgs,1335..jaraco/text/__init__.py,sha256=Y2YUqXR_orUoDaY4SkPRe6ZZhb5HUHB_Ah9RCNsVyho,16250..jaraco/text/__pycache__/__init__.cpython-312.pyc,,..jaraco/text/__pycache__/layouts.cpython-312.pyc,,..jaraco/text/__pycache__/show-newlines.cpython-312.pyc,,..jaraco/text/__pycache__/strip-prefix.cpython-312.pyc,,..jaraco/text/__py

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.text-3.12.1.dist-info\WHEEL

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	92
Entropy (8bit):	4.812622295095324
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlVlFxP+tPCCfA5S:RtBMwlVTxWBBf
MD5:	43136DDE7DD276932F6197BB6D676EF4
SHA1:	6B13C105452C519EA0B65AC1A975BD5E19C50122
SHA-256:	189EEDFE4581172C1B6A02B97A8F48A14C0B5BAA3239E4CA990FBD8871553714
SHA-512:	E7712BA7D36DEB083EBCC3B641AD3E7D19FB071EE64AE3A35AD6A50EE882B20CD2E60CA1319199DF12584FE311A6266EC74F96A3FB67E59F90C7B5909668AEE1
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco.text-3.12.1.dist-info\top_level.txt

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	7
Entropy (8bit):	2.5216406363433186
Encrypted:	false
SSDEEP:	3:GEG0:GEG0
MD5:	0BA8D736B7B4AB182687318B0497E61E
SHA1:	311BA5FFD098689179F299EF20768EE1A29F586D
SHA-256:	D099CDDCB7D71F82C845F5CBF9014E18227341664EDC42F1E11D5DFE5A2EA103
SHA-512:	7CCCBB4AFA2FADE40D529482301BEAE152E0C71EE3CC41736EB19E35CFC5EE3B91EF958CF5CA6B7330333B8494FEB6682FD833D5AA16BF4A8F1F721FD859832C
Malicious:	false
Preview:	jaraco.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\jaraco\text\Lorem ipsum.txt

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text, with very long lines (888)
Category:	dropped
Size (bytes):	1335
Entropy (8bit):	4.226823573023539
Encrypted:	false
SSDEEP:	24:FP6Hbz+g9RPZ14bJi04L6GEbX4UQF4UkZQhxI2EIhNyu:9E+i6bJmLm43+Uxxnh0u
MD5:	4CE7501F6608F6CE4011D627979E1AE4
SHA1:	78363672264D9CD3F72D5C1D3665E1657B1A5071
SHA-256:	37FEDCFFBF73C4EB9F058F47677CB33203A436FF9390E4D38A8E01C9DAD28E0B
SHA-512:	A4CDF92725E1D740758DA4DD28DF5D1131F70CEF46946B173FE6956CC0341F019D7C4FECC3C9605F354E1308858721DADA825B4C19F59C5AD1CE01AB84C46B24
Malicious:	false
Preview:	Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum..Curabitur pretium tincidunt lacus. Nulla gravida orci a odio. Nullam varius, turpis et commodo pharetra, est eros bibendum elit, nec luctus magna felis sollicitudin mauris. Integer in mauris eu nibh euismod gravida. Duis ac tellus et risus vulputate vehicula. Donec lobortis risus a elit. Etiam tempor. Ut ullamcorper, ligula eu tempor congue, eros est euismod turpis, id tincidunt sapien risus a quam. Maecenas fermentum consequat mi. Donec fermentum. Pellentesque malesuada nulla a mi. Duis sapien sem, aliquet nec, commodo eget, consequat quis, neque.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\more_itertools-10.3.0.dist-info\INSTALLER

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\more_itertools-10.3.0.dist-info\LICENSE

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1053
Entropy (8bit):	5.0945274555157285
Encrypted:	false
SSDEEP:	24:arOJH7H0yxgtUHw1hC09QHOsUv4eOk4/+/m3oqLFh:aSJrlxEvdQHOs5exm3ogFh
MD5:	3396EA30F9D21389D7857719816F83B5
SHA1:	0D43A836DAC65C0EA426AD49C881A1086600BF85
SHA-256:	09F1C8C9E941AF3E584D59641EA9B87D83C0CB0FD007EB5EF391A7E2643C1A46
SHA-512:	D43092223392EDDA3BD777625F5BF54ACB0CC00C25555A4F8A16DB9CCDAFC380D3204486CB2A5FDC9D3F9E459B1FED948FFC7000AA0E40F37B807A01F4421294
Malicious:	false
Preview:	Copyright (c) 2012 Erik Rose..Permission is hereby granted, free of charge, to any person obtaining a copy of.this software and associated documentation files (the "Software"), to deal in.the Software without restriction, including without limitation the rights to.use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies.of the Software, and to permit persons to whom the Software is furnished to do.so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,.OUT OF OR IN CONNECTION WITH THE SO

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\more_itertools-10.3.0.dist-info\METADATA

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	36293
Entropy (8bit):	3.717596190655759
Encrypted:	false
SSDEEP:	384:bs9cnyPtWIRmL0QnCHx4Zi3XBB9GcF89oi+odVBqCv9d3m24TeYH5AvDpG27IFf5:Ua+H1Nsg/
MD5:	5BA05B51B603386707E1E3A101CDD6B3
SHA1:	FFCCEC7FD799CC4AB07530954FEF3BE2472E2C23
SHA-256:	0453BDD0EF9F2CD89540CA63EE8212E73B73809514419DD3037D8FE471F737E0
SHA-512:	FE7F7D6B6C8089B09A18930EF462BA4C7A15EAF6D3E8610AC655ECADE16CE31D9C01ECE84C88A3C2D9DD34DE70E194A020E28179CF33B21389EE3EEFC7229B74
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: more-itertools.Version: 10.3.0.Summary: More routines for operating on iterables, beyond itertools.Keywords: itertools,iterator,iteration,filter,peek,peekable,chunk,chunked.Author-email: Erik Rose <erikrose@grinchcentral.com>.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Natural Language :: English.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: Implementation :: CPython.Classifier: Programming Language :: Python :: Implementation :: Py

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\more_itertools-10.3.0.dist-info\RECORD

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1259
Entropy (8bit):	5.794423512787632
Encrypted:	false
SSDEEP:	24:Bhxn/2zDahxvIhxphxBhxEsJXhxzvXiCflBJRHXoggtqgmf7WJhmsxmwG:hnuXwOph5J3zvXi4Lo7qgQ7WJhS
MD5:	178EE325409DD28809AD3661E8819EF8
SHA1:	F5844FAC6E3C9133FE5F1B8195EE801959801DF3
SHA-256:	77C8E73E018DC0FD7E9ED6C80B05A4404545F641FB085220CE42B368B59AA3D3
SHA-512:	2DB06B622F644674BF7D7AD8B780F9802858D15D73B5075139C2D82181DD6D589B90172BCA7AE9C785E705F447F523DB2AE641826C550C599551A7D8C2396FC2
Malicious:	false
Preview:	more_itertools-10.3.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..more_itertools-10.3.0.dist-info/LICENSE,sha256=CfHIyelBrz5YTVlkHqm4fYPAyw_QB-te85Gn4mQ8GkY,1053..more_itertools-10.3.0.dist-info/METADATA,sha256=BFO90O-fLNiVQMpj7oIS5ztzgJUUQZ3TA32P5HH3N-A,36293..more_itertools-10.3.0.dist-info/RECORD,,..more_itertools-10.3.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..more_itertools-10.3.0.dist-info/WHEEL,sha256=rSgq_JpHF9fHR1lx53qwg_1-2LypZE_qmcuXbVUq948,81..more_itertools/__init__.py,sha256=dtAbGjTDmn_ghiU5YXfhyDy0phAlXVdt5klZA5fUa-Q,149..more_itertools/__init__.pyi,sha256=5B3eTzON1BBuOLob1vCflyEb2lSd6usXQQ-Cv-hXkeA,43..more_itertools/__pycache__/__init__.cpython-312.pyc,,..more_itertools/__pycache__/more.cpython-312.pyc,,..more_itertools/__pycache__/recipes.cpython-312.pyc,,..more_itertools/more.py,sha256=1E5kzFncRKTDw0cYv1yRXMgDdunstLQd1QStcnL6U90,148370..more_itertools/more.pyi,sha256=iXXeqt48Nxe8VGmIWpkVXuKpR2FYNuu2DU8nQL

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\more_itertools-10.3.0.dist-info\WHEEL

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	81
Entropy (8bit):	4.672346887071811
Encrypted:	false
SSDEEP:	3:RtEeX/QFML6KjP+tPCCfA5I:Rt1QqL6gWBB3
MD5:	FE76A5D309B5416824C2034FBF8A16CD
SHA1:	5975EB6043863B0D018A5D751293F38E0B8E2874
SHA-256:	AD282AFC9A4717D7C7475971E77AB083FD7ED8BCA9644FEA99CB976D552AF78F
SHA-512:	6E4610171DD4E7E49FB4570CF3562D26A4F171FF67DA0F3A259A77916ACB939C8FCA7DA9F473EFAD839947796AC8CD7385DAA3264ADB150FF131A5C0FAC9329C
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: flit 3.8.0.Root-Is-Purelib: true.Tag: py3-none-any.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\packaging-24.1.dist-info\INSTALLER

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\packaging-24.1.dist-info\LICENSE

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	197
Entropy (8bit):	4.510719529760597
Encrypted:	false
SSDEEP:	3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreBNA2eBKmJozlMHuO:h9Co8FyQjkDYc5tWreBN0n2mH1
MD5:	FAADAEDCA9251A90B205C9167578CE91
SHA1:	ED1FCABA1DBBF55113ABB419A484F3DF63E7ECFC
SHA-256:	CAD1EF5BD340D73E074BA614D26F7DEACA5C7940C3D8C34852E65C4909686C48
SHA-512:	1E69C89558FFE39E5C1EBB6728C4F0EB6023563C7A7F31B5417A8EFCC906378D2E2AF7B0E06A66980FBAAB7996AEB2AE1EA3918FDBE5FFCC3F77EA888A68EFBC
Malicious:	false
Preview:	This software is made available under the terms of either of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to this software is made.under the terms of both these licenses..

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\packaging-24.1.dist-info\LICENSE.APACHE

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	10174
Entropy (8bit):	4.3908324771089084
Encrypted:	false
SSDEEP:	192:nU6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLhP:U9vlKM1zJlFvmNz5VrZ
MD5:	2EE41112A44FE7014DCE33E26468BA93
SHA1:	598F87F072F66E2269DD6919292B2934DBB20492
SHA-256:	0D542E0C8804E39AA7F37EB00DA5A762149DC682D7829451287E11B938E94594
SHA-512:	27B8C0252EAE50CA3CE02AB7C5670664C0C824E03EB3DA1089F3F0A00D23E648A956BCB9F53645C6D79674A87C4CC86D1085DC335911BE0210D691336B121857
Malicious:	false
Preview:	. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial own

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\packaging-24.1.dist-info\LICENSE.BSD

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1344
Entropy (8bit):	5.070827944686827
Encrypted:	false
SSDEEP:	24:fjUnoorbOFFTJJyRrYFTjz796432s4EOkUs8gROF32s3yTtTf413tf9fsZlTHv:fkOFJSrYJR6432svI32s3Stc13tfyTHv
MD5:	7BEF9BF4A8E4263634D0597E7BA100B8
SHA1:	FDC0E4EABC45522B079DEFF7D03D70528D775DC0
SHA-256:	B70E7E9B742F1CC6F948B34C16AA39FFECE94196364BC88FF0D2180F0028FAC5
SHA-512:	96C3273D51B83B6AE1AB85FEFB814DCD6C1E60D311D412242405AA429CC860412477CBD6ECE171408DBB85F0C4FD742E3AF20C758015BC48406AA65A1AB6F60A
Malicious:	false
Preview:	Copyright (c) Donald Stufft and individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE.DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE.FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL.DAMAGES (INCLUDING, BUT NOT LIM

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\packaging-24.1.dist-info\METADATA

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	3204
Entropy (8bit):	4.9859857663557925
Encrypted:	false
SSDEEP:	96:DRKnOkaMktjaVMxsxCp5QXFfFKiYEvA9TzBnyD:psZfFhgXNG
MD5:	3236C0D7091D4A6577FA30E061480CEC
SHA1:	F99865B8D3B90AD64A0060F7F2F4C6E4FAEB0A39
SHA-256:	5F7A283B75A709FCCD481AEA42379F083D4F3801753365922E6B0732042515D9
SHA-512:	A9F0BC43A135732510B98E9C0B7F997D9557A6069352372F1AC3216F0E66FA617D9597990904935D58E5139FB34E17995BFA8B95B90C71997206A2B6955FE867
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: packaging.Version: 24.1.Summary: Core utilities for Python packages.Author-email: Donald Stufft <donald@stufft.io>.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classifier: Programming Language :: Python :: 3.13.Classifier: Programming Language :: Python :: Implementation :: CPython.Classifier: Programming Language :: Python :: Implementation

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\packaging-24.1.dist-info\RECORD

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2565
Entropy (8bit):	5.780503861671858
Encrypted:	false
SSDEEP:	48:bsnuXksXW2Bsv8VsQ7lEsahOsbs5Jhsde8UogvtJkHpHAfEcysrD5WJeCzESowj:vXrW2s8JsMdVogvtJkJgfksP5qeCzOwj
MD5:	88FBF3C6BD08040482212DAD5A8EAB02
SHA1:	E7EE66942F7321FB77888D492D57C2EEEA1A5171
SHA-256:	38A6898306293627C81E2B2D8A93E5F6857D5F7EDB73F0334E8D9A53DAD53B6E
SHA-512:	786AE1F883A999A0939C22A756F90D74CC7F87AAF13F6FFF22D8D962D213A1ECBC6AAE2890A5D7347487824CD0E9EB440A3923F01F938EEF068719DFEEE96554
Malicious:	false
Preview:	packaging-24.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..packaging-24.1.dist-info/LICENSE,sha256=ytHvW9NA1z4HS6YU0m996spceUDD2MNIUuZcSQlobEg,197..packaging-24.1.dist-info/LICENSE.APACHE,sha256=DVQuDIgE45qn836wDaWnYhSdxoLXgpRRKH4RuTjpRZQ,10174..packaging-24.1.dist-info/LICENSE.BSD,sha256=tw5-m3QvHMb5SLNMFqo5_-zpQZY2S8iP8NIYDwAo-sU,1344..packaging-24.1.dist-info/METADATA,sha256=X3ooO3WnCfzNSBrqQjefCD1POAF1M2WSLmsHMgQlFdk,3204..packaging-24.1.dist-info/RECORD,,..packaging-24.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..packaging-24.1.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81..packaging/__init__.py,sha256=dtw2bNmWCQ9WnMoK3bk_elL1svSlikXtLpZhCFIB9SE,496..packaging/__pycache__/__init__.cpython-312.pyc,,..packaging/__pycache__/_elffile.cpython-312.pyc,,..packaging/__pycache__/_manylinux.cpython-312.pyc,,..packaging/__pycache__/_musllinux.cpython-312.pyc,,..packaging/__pycache__/_parser.cpython-312.pyc,,

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\packaging-24.1.dist-info\WHEEL

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	81
Entropy (8bit):	4.672346887071811
Encrypted:	false
SSDEEP:	3:RtEeX/QFM+vxP+tPCCfA5I:Rt1Qq2WBB3
MD5:	24019423EA7C0C2DF41C8272A3791E7B
SHA1:	AAE9ECFB44813B68CA525BA7FA0D988615399C86
SHA-256:	1196C6921EC87B83E865F450F08D19B8FF5592537F4EF719E83484E546ABE33E
SHA-512:	09AB8E4DAA9193CFDEE6CF98CCAE9DB0601F3DCD4944D07BF3AE6FA5BCB9DC0DCAFD369DE9A650A38D1B46C758DB0721EBA884446A8A5AD82BB745FD5DB5F9B1
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: flit 3.9.0.Root-Is-Purelib: true.Tag: py3-none-any.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\platformdirs-4.2.2.dist-info\INSTALLER

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\platformdirs-4.2.2.dist-info\METADATA

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	Unicode text, UTF-8 text
Category:	dropped
Size (bytes):	11429
Entropy (8bit):	5.039575520713946
Encrypted:	false
SSDEEP:	192:n9x/tlCtlsaCUpVQ7yHwgNF8NFvWVDM1RnzadSibNTTh+fOnnxa6jlES4h8a8KAH:3/tlCfsqpq7ydZzM0dGiCbvHcjNj61TA
MD5:	12306075DF09A0DBB93315FADDDF73FB
SHA1:	1AC8A3679AFCFEEC0BA00851F5F8095DD1B060CD
SHA-256:	CE6B227B4D46D4CB57474C2022FE57A557933BB89DAF4596BDF9B12AC296B869
SHA-512:	BA0A72B888A14F82FD44FB103C01EF0900B5302F18E986A8264A9A08AB77D1C655C392374FD7B0A98BEF9B9511F6EC78AF3EF8936091C80A0B5364F7A53DC20A
Malicious:	false
Preview:	Metadata-Version: 2.3.Name: platformdirs.Version: 4.2.2.Summary: A small Python package for determining appropriate platform-specific dirs, e.g. a `user data dir`..Project-URL: Documentation, https://platformdirs.readthedocs.io.Project-URL: Homepage, https://github.com/platformdirs/platformdirs.Project-URL: Source, https://github.com/platformdirs/platformdirs.Project-URL: Tracker, https://github.com/platformdirs/platformdirs/issues.Maintainer-email: Bern.t G.bor <gaborjbernat@gmail.com>, Julian Berman <Julian@GrayVines.com>, Ofek Lev <oss@ofek.dev>, Ronny Pfannschmidt <opensource@ronnypfannschmidt.de>.License-Expression: MIT.License-File: LICENSE.Keywords: appdirs,application,cache,directory,log,user.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Operating System :: OS Independent.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\platformdirs-4.2.2.dist-info\RECORD

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1642
Entropy (8bit):	5.780720255872038
Encrypted:	false
SSDEEP:	24:bn/2zDzoobEsJhfPWcs013+pj456szN6lnhta57WJ+guQg4:bnuXcob5Jhfucs+d49hta9WJ+g1X
MD5:	0E141A28570FC62974FC5CEADFE808E3
SHA1:	7B92561C5BBBA83D6E16A1C7B195089ACA1766AF
SHA-256:	4C211D76D42ED40EFC3ACFCC866D8912A718AFBCA2B7E51849442366D6E99FE8
SHA-512:	830721C18A35AECD1EFB81A5FAAF8AC0EA02428EDC5B294458556343788D894B76035F1E661214D975DF2A64DC8C3D6AAA7A53A99BE64B9413B6A5D89D549F9D
Malicious:	false
Preview:	platformdirs-4.2.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..platformdirs-4.2.2.dist-info/METADATA,sha256=zmsie01G1MtXR0wgIv5XpVeTO7idr0WWvfmxKsKWuGk,11429..platformdirs-4.2.2.dist-info/RECORD,,..platformdirs-4.2.2.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..platformdirs-4.2.2.dist-info/WHEEL,sha256=zEMcRr9Kr03x1ozGwg5v9NQBKn3kndp6LSoSlVg-jhU,87..platformdirs-4.2.2.dist-info/licenses/LICENSE,sha256=KeD9YukphQ6G6yjD_czwzv30-pSHkBHP-z0NS-1tTbY,1089..platformdirs/__init__.py,sha256=EMGE8qeHRR9CzDFr8kL3tA8hdZZniYjXBVZd0UGTWK0,22225..platformdirs/__main__.py,sha256=HnsUQHpiBaiTxwcmwVw-nFaPdVNZtQIdi1eWDtI-MzI,1493..platformdirs/__pycache__/__init__.cpython-312.pyc,,..platformdirs/__pycache__/__main__.cpython-312.pyc,,..platformdirs/__pycache__/android.cpython-312.pyc,,..platformdirs/__pycache__/api.cpython-312.pyc,,..platformdirs/__pycache__/macos.cpython-312.pyc,,..platformdirs/__pycache__/unix.cpython-312.pyc,,..platformdirs/__p

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\platformdirs-4.2.2.dist-info\WHEEL

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	87
Entropy (8bit):	4.730668933656452
Encrypted:	false
SSDEEP:	3:RtEeXAaCTR73RP+tPCCfA5I:Rt2PFRWBB3
MD5:	8895639B8515B3094302B59E28AFB562
SHA1:	FBD4DA759EA5BEB65AE820DFBC47F9B569E89519
SHA-256:	CC431C46BF4AAF4DF1D68CC6C20E6FF4D4012A7DE49DDA7A2D2A1295583E8E15
SHA-512:	B53C0978DAD2A7195058ABC7B7D20A229EC617BDDBB364D8ED2354F37D5071208735774350F9FBBA5C804BEFCEFE71C27BC5E468E12899DF4687189C468785A0
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: hatchling 1.24.2.Root-Is-Purelib: true.Tag: py3-none-any.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\platformdirs-4.2.2.dist-info\licenses\LICENSE

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1089
Entropy (8bit):	5.119723466133474
Encrypted:	false
SSDEEP:	24:VrmJHHH0yN3gtsHw1hC09QHOsUv4eOk4/+/m3oqLFh:VaJHlxE3dQHOs5exm3ogFh
MD5:	EA4F5A41454746A9ED111E3D8723D17A
SHA1:	F511A8A63AF8C6E36004B593478436BBC560EE0C
SHA-256:	29E0FD62E929850E86EB28C3FDCCF0CEFDF4FA94879011CFFB3D0D4BED6D4DB6
SHA-512:	CACA68A5589CA2EAB7C0D74BA5D2B25E3367B9902DFC7578BBA911AC8F8BF1C3A13F25E663C5B6B19BA71BF611943E23F4D0A99BE92A8F7D7FF60732DC3DD409
Malicious:	false
Preview:	MIT License..Copyright (c) 2010-202x The platformdirs developers..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\tomli-2.0.1.dist-info\INSTALLER

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\tomli-2.0.1.dist-info\LICENSE

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1072
Entropy (8bit):	5.10135495500641
Encrypted:	false
SSDEEP:	24:f9rmJHHH0yN3gtsHw1hC09QHOsUv4eOk4/+/m3oqLFh:1aJHlxE3dQHOs5exm3ogFh
MD5:	AAAAF0879D17DF0110D1AA8C8C9F46F5
SHA1:	9DA6CA26337A886FB3E8D30EFD4AEDA623DC9ADE
SHA-256:	B80816B0D530B8ACCB4C2211783790984A6E3B61922C2B5EE92F3372AB2742FE
SHA-512:	EECD0C29FEBF51ADEFB02F970E66EFE7E24D573686DFDB3BEEA63CEFEA012A79CE3C49A899B4F26E9B67DC27176B397F6041909227281F9866BEEDC97389095C
Malicious:	false
Preview:	MIT License..Copyright (c) 2021 Taneli Hukkinen..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,.OUT OF OR IN CON

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\tomli-2.0.1.dist-info\METADATA

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	Python script, ASCII text executable
Category:	dropped
Size (bytes):	8875
Entropy (8bit):	4.884349533695185
Encrypted:	false
SSDEEP:	192:h15VsahrDzoGlmLxUJyLIPXR/yrKK3Trclclg2pj4VRR6V8wNVonQd:3swrAamWuIPA2K3v2g
MD5:	CBBF7047A51FEDA58386E86182B85B8A
SHA1:	D3EA3BDA227794AE35FE7FFC5BD6E5FA2A5EF250
SHA-256:	CCF0DC78A98FC0918B5AD67292B1E2C4BED65575A6246CD9D63C914F9942A0F2
SHA-512:	A994914F1676790730C6BDACA26FE5F1B18BA9A3B9F0D24D708C722424DED255360A0CC88E239C6BFE467BD2763DF7339BB6B760AB090FAE474A7C9C8AFA8948
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	Metadata-Version: 2.1.Name: tomli.Version: 2.0.1.Summary: A lil' TOML parser.Keywords: toml.Author-email: Taneli Hukkinen <hukkin@users.noreply.github.com>.Requires-Python: >=3.7.Description-Content-Type: text/markdown.Classifier: License :: OSI Approved :: MIT License.Classifier: Operating System :: MacOS.Classifier: Operating System :: Microsoft :: Windows.Classifier: Operating System :: POSIX :: Linux.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: Implementation :: CPython.Classifier: Programming Language :: Python :: Implementation :: PyPy.Classifier: Topic :: Software Development :: Libraries :: Python Modules.Classifier: Typing :: Typed.Project-URL: Changelog, https://github.com/hukkin/tomli/blob/master/CHANGELOG.md.Project-URL:

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\tomli-2.0.1.dist-info\RECORD

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	999
Entropy (8bit):	5.89030761653127
Encrypted:	false
SSDEEP:	24:4n/2zDRv53Pb4EsJWc6QtD8r8N8bh8WNdop2+oM8+kzAL5+1:4nuXR1Pb45JWc6QmIebKWcpHoM8JMLy
MD5:	D5FAB61E3DB6B54B51FBA607865C195B
SHA1:	B94D9126E8FC9D5F29FAFBB67F068E2D111D17FC
SHA-256:	0CB9F9A451A1E365AC54B4C88662E1DA0CB54A72D16A5258FB0ABFF9D3E1C022
SHA-512:	ABD3EF61D8D578C1DE609560A6985503E60BD53F90DCFF54EBEE23714D9CD88DBA4036ED19B24EC62B8432550311894FCC47BDCCD7CE4DCDE82518F4E02E123C
Malicious:	false
Preview:	tomli-2.0.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..tomli-2.0.1.dist-info/LICENSE,sha256=uAgWsNUwuKzLTCIReDeQmEpuO2GSLCte6S8zcqsnQv4,1072..tomli-2.0.1.dist-info/METADATA,sha256=zPDceKmPwJGLWtZykrHixL7WVXWmJGzZ1jyRT5lCoPI,8875..tomli-2.0.1.dist-info/RECORD,,..tomli-2.0.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..tomli-2.0.1.dist-info/WHEEL,sha256=jPMR_Dzkc4X4icQtmz81lnNY_kAsfog7ry7qoRvYLXw,81..tomli/__init__.py,sha256=JhUwV66DB1g4Hvt1UQCVMdfCu-IgAV8FXmvDU9onxd4,396..tomli/__pycache__/__init__.cpython-312.pyc,,..tomli/__pycache__/_parser.cpython-312.pyc,,..tomli/__pycache__/_re.cpython-312.pyc,,..tomli/__pycache__/_types.cpython-312.pyc,,..tomli/_parser.py,sha256=g9-ENaALS-B8dokYpCuzUFalWlog7T-SIYMjLZSWrtM,22633..tomli/_re.py,sha256=dbjg5ChZT23Ka9z9DHOXfdtSpPwUfdgMXnj8NOoly-w,2943..tomli/_types.py,sha256=-GTG2VUqkpxwMqzmVO4F7ybKddIbAnuAHXfmWQcTi3Q,254..tomli/py.typed,sha256=8PjyZ1aVoQpRVvt71muvuq5qE-jTFZkK-GLHkhdebmc,26..

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\tomli-2.0.1.dist-info\WHEEL

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	81
Entropy (8bit):	4.672346887071811
Encrypted:	false
SSDEEP:	3:RtEeX/QFMthP+tPCCfA5I:Rt1QqDWBB3
MD5:	FF39892A240316BD62B5832C03D504BC
SHA1:	3883FC4406CC9A73BE0B839C1A0C31D3DDD64829
SHA-256:	8CF311FC3CE47385F889C42D9B3F35967358FE402C7E883BAF2EEAA11BD82D7C
SHA-512:	B2E57D9C81BBFB7364B8216FC086B8F73C2F2B537E300FB250EFB7972E3908F77A3D504363676C50A195D307822C69EE9B689DE6C48A4E6B8A6BA89A5A99AC32
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: flit 3.6.0.Root-Is-Purelib: true.Tag: py3-none-any.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\typeguard-4.3.0.dist-info\INSTALLER

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\typeguard-4.3.0.dist-info\LICENSE

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	Unicode text, UTF-8 text
Category:	dropped
Size (bytes):	1130
Entropy (8bit):	5.118590213496374
Encrypted:	false
SSDEEP:	24:qt4rWHvH0yPP3Gt6Hw1hP9QHmsUv48OV/+dho3BoqxFB:/S/lPvKhlQHms5QK3WmFB
MD5:	F0E423EEA5C91E7AA21BDB70184B3E53
SHA1:	A51CCDCB7A9D8C2116D1DFC16F11B3C8A5830F67
SHA-256:	6163F7987DFB38D6BC320CE2B70B2F02B862BC41126516D552EF1CD43247E758
SHA-512:	8BE742880E6E8495C7EC4C9ECC8F076A9FC9D64FC84B3AEBBC8D2D10DC62AC2C5053F33B716212DCB76C886A9C51619F262C460FC4B39A335CE1AE2C9A8769A8
Malicious:	false
Preview:	This is the MIT license: http://www.opensource.org/licenses/mit-license.php..Copyright (c) Alex Gr.nholm..Permission is hereby granted, free of charge, to any person obtaining a copy of this.software and associated documentation files (the "Software"), to deal in the Software.without restriction, including without limitation the rights to use, copy, modify, merge,.publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons.to whom the Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all copies or.substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,.INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR.PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE.FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF C

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\typeguard-4.3.0.dist-info\METADATA

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	Unicode text, UTF-8 text
Category:	dropped
Size (bytes):	3717
Entropy (8bit):	4.986068381037722
Encrypted:	false
SSDEEP:	96:DSQRbraktjaAckH94jQnJIK04Fak/grjspC3EklAJj:/Rakd4jA7ak/gvspNWmj
MD5:	B6DAAC02F66AC8403E9061881322BABE
SHA1:	9A94672CCFEA06156A5F8A321CD0626CFD233AE8
SHA-256:	CF675C1C0A744F08580855390DE87CC77D676B312582E8D4CFDB5BB8FD298D21
SHA-512:	9C6B7326C90396AA9E962C2731A1085EDB672B5696F95F552D13350843C09A246E0BBF0EC484862DFF434FA5A86DE4C0B7C963958ADE35A066B9D2384076DD47
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: typeguard.Version: 4.3.0.Summary: Run-time type checker for Python.Author-email: Alex Gr.nholm <alex.gronholm@nextday.fi>.License: MIT.Project-URL: Documentation, https://typeguard.readthedocs.io/en/latest/.Project-URL: Change log, https://typeguard.readthedocs.io/en/latest/versionhistory.html.Project-URL: Source code, https://github.com/agronholm/typeguard.Project-URL: Issue tracker, https://github.com/agronholm/typeguard/issues.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Requires-Python: >=3.8.Description-Content

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\typeguard-4.3.0.dist-info\RECORD

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2402
Entropy (8bit):	5.729208478282605
Encrypted:	false
SSDEEP:	48:eDnuX3DVED9HDDeDfPDLkAosGDlDiVoBFj7XH0H3HuwVB6Kgfkx7J/Q1NK1cQyxk:eyX3WRHDiLPjksV7I47J/Q1U6Qyx5fsJ
MD5:	D680B2881597974ACD91750E5AB61010
SHA1:	E00ED2416B5CE21641E3946905504D62D536972F
SHA-256:	48A51959582478352275428CEECD78EF77D79AC9DAE796E39A2EAF2540282552
SHA-512:	112172ACB515B0712AC58D78898EB159580ADA3DD3F16AABB37CB7A8D964F9E4BADF2869A245927B83B208D56904831C0F04ED925C95DFCB705801734FB0C7BA
Malicious:	false
Preview:	typeguard-4.3.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..typeguard-4.3.0.dist-info/LICENSE,sha256=YWP3mH37ONa8MgzitwsvArhivEESZRbVUu8c1DJH51g,1130..typeguard-4.3.0.dist-info/METADATA,sha256=z2dcHAp0TwhYCFU5Deh8x31nazElgujUz9tbuP0pjSE,3717..typeguard-4.3.0.dist-info/RECORD,,..typeguard-4.3.0.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92..typeguard-4.3.0.dist-info/entry_points.txt,sha256=qp7NQ1aLtiSgMQqo6gWlfGpy0IIXzoMJmeQTLpzqFZQ,48..typeguard-4.3.0.dist-info/top_level.txt,sha256=4z28AhuDodwRS_c1J_l8H51t5QuwfTseskYzlxp6grs,10..typeguard/__init__.py,sha256=Onh4w38elPCjtlcU3JY9k3h70NjsxXIkAflmQn-Z0FY,2071..typeguard/__pycache__/__init__.cpython-312.pyc,,..typeguard/__pycache__/_checkers.cpython-312.pyc,,..typeguard/__pycache__/_config.cpython-312.pyc,,..typeguard/__pycache__/_decorators.cpython-312.pyc,,..typeguard/__pycache__/_exceptions.cpython-312.pyc,,..typeguard/__pycache__/_functions.cpython-312.pyc,,..typeguard/__pycache__/_i

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\typeguard-4.3.0.dist-info\WHEEL

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	92
Entropy (8bit):	4.812622295095324
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlVlFxP+tPCCfA5S:RtBMwlVTxWBBf
MD5:	43136DDE7DD276932F6197BB6D676EF4
SHA1:	6B13C105452C519EA0B65AC1A975BD5E19C50122
SHA-256:	189EEDFE4581172C1B6A02B97A8F48A14C0B5BAA3239E4CA990FBD8871553714
SHA-512:	E7712BA7D36DEB083EBCC3B641AD3E7D19FB071EE64AE3A35AD6A50EE882B20CD2E60CA1319199DF12584FE311A6266EC74F96A3FB67E59F90C7B5909668AEE1
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\typeguard-4.3.0.dist-info\entry_points.txt

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	48
Entropy (8bit):	4.155187698990101
Encrypted:	false
SSDEEP:	3:mWSJCQEjMitjHfLvn:mrMJHfbn
MD5:	AEAB5BCF8BF89A51C97C4CDF70578848
SHA1:	2E9C1617560AB66431AAB90700DB901985293485
SHA-256:	AA9ECD43568BB624A0310AA8EA05A57C6A72D08217CE830999E4132E9CEA1594
SHA-512:	2BE73E99296DF26A28835F91DD8BC50EB104AF06A3C54666175FAF322E0AD4620453DB0388531C4113B052A92C1D2E4C3088E25AF43CDE42AA852CF7B0CB5B05
Malicious:	false
Preview:	[pytest11].typeguard = typeguard._pytest_plugin.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\typeguard-4.3.0.dist-info\top_level.txt

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	10
Entropy (8bit):	3.321928094887362
Encrypted:	false
SSDEEP:	3:LEJn:M
MD5:	004A2A8CE1AB120A63902A27D76BD964
SHA1:	A4E367AB40410598DADD1FC5F680ED7A176BEB09
SHA-256:	E33DBC021B83A1DC114BF73527F97C1F9D6DE50BB07D3B1EB24633971A7A82BB
SHA-512:	0D8FF9A43897AB390AB41AFE5BAC8BD38A68C2BEF88E844E5B49BF70E3164B226975CC2717AE3DC3428D1CFBB0BE068C243F104915FEE1FFA58C23FBE76FDB89
Malicious:	false
Preview:	typeguard.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\typing_extensions-4.12.2.dist-info\INSTALLER

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\typing_extensions-4.12.2.dist-info\LICENSE

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	13936
Entropy (8bit):	5.135214154002924
Encrypted:	false
SSDEEP:	384:cke8RQ6KSAdxC9ad9iqsibQtKti9zpQpzu9Jkh:K8RQ6q7C9ad9iqT8cti9zpQpzu7kh
MD5:	FCF6B249C2641540219A727F35D8D2C2
SHA1:	C6E195F9AA30CC9B675D1612CA4FB7F74111BD35
SHA-256:	3B2F81FE21D181C499C59A256C8E1968455D6689D269AA85373BFB6AF41DA3BF
SHA-512:	70367B908204B5922E5D9D2ACE39437DBAA1EEFDAD1797B50CC6E7DCA168D9B59199353BADDDCAEEE12B49D328FC8132F628952383CFE6803CB4F4BF9B9D6D86
Malicious:	false
Preview:	A. HISTORY OF THE SOFTWARE.==========================..Python was created in the early 1990s by Guido van Rossum at Stichting.Mathematisch Centrum (CWI, see https://www.cwi.nl) in the Netherlands.as a successor of a language called ABC. Guido remains Python's.principal author, although it includes many contributions from others...In 1995, Guido continued his work on Python at the Corporation for.National Research Initiatives (CNRI, see https://www.cnri.reston.va.us).in Reston, Virginia where he released several versions of the.software...In May 2000, Guido and the Python core development team moved to.BeOpen.com to form the BeOpen PythonLabs team. In October of the same.year, the PythonLabs team moved to Digital Creations, which became.Zope Corporation. In 2001, the Python Software Foundation (PSF, see.https://www.python.org/psf/) was formed, a non-profit organization.created specifically to own Python-related Intellectual Property..Zope Corporation was a sponsoring member of the PS

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\typing_extensions-4.12.2.dist-info\METADATA

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	Unicode text, UTF-8 text
Category:	dropped
Size (bytes):	3018
Entropy (8bit):	5.0579916471633
Encrypted:	false
SSDEEP:	48:DtkCMU2ymXbFX1QI/aMktjaVQEBu+FOK+W6i+qXd0qme28mIp9DvvV+Vz+nlh:DtkCD/mxX1QI/aMktjaVBroBBqd0VODD
MD5:	8303191AC93E4D32457A4A9E3CDAD8E5
SHA1:	B6ADA54B9516D20B69A5DD5CDED868DA22C5E252
SHA-256:	05E51021AF1C9D86EB8D6C7E37C4CECE733D5065B91A6D8389C5690ED440F16D
SHA-512:	F2F5DBE5EA55ED720FA4191180076E9EFFCB9C811C3C7BF1A1201E9D78590B381E125EAF7B8366B28A03383C2958449423548576605E8DCB5CC11C33C9B0E709
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: typing_extensions.Version: 4.12.2.Summary: Backported and Experimental Type Hints for Python 3.8+.Keywords: annotations,backport,checker,checking,function,hinting,hints,type,typechecking,typehinting,typehints,typing.Author-email: "Guido van Rossum, Jukka Lehtosalo, .ukasz Langa, Michael Lee" <levkivskyi@gmail.com>.Requires-Python: >=3.8.Description-Content-Type: text/markdown.Classifier: Development Status :: 5 - Production/Stable.Classifier: Environment :: Console.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Python Software Foundation License.Classifier: Operating System :: OS Independent.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Langua

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\typing_extensions-4.12.2.dist-info\RECORD

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	571
Entropy (8bit):	5.751670348693122
Encrypted:	false
SSDEEP:	12:rCA89x0a/2zDuxv/vjWaxLbSaLjxjxXaefIE12BATqyo/C:mA87n/2zD6vXCulVZf5Cc4C
MD5:	B884E8832BFB336C2D7F54271F11EE1C
SHA1:	5A3BAABEE79E0CF32D2E87C9AF0FBB3AAD8CACAD
SHA-256:	7710002D81971E632AA6A2FC33DC5D74AAF5D7CAAE22040A65D3E31503B05EE9
SHA-512:	0A5EB3ABED212C474CB5FDDEF47F8E62DAA130128F2BB368A8E1F12E143DAE2F8B2EF4A9B85A883A03C67195829AD637DB7CF7CC4B41535AF6CA5668F8F2BD0B
Malicious:	false
Preview:	__pycache__/typing_extensions.cpython-312.pyc,,..typing_extensions-4.12.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..typing_extensions-4.12.2.dist-info/LICENSE,sha256=Oy-B_iHRgcSZxZolbI4ZaEVdZonSaaqFNzv7avQdo78,13936..typing_extensions-4.12.2.dist-info/METADATA,sha256=BeUQIa8cnYbrjWx-N8TOznM9UGW5Gm2DicVpDtRA8W0,3018..typing_extensions-4.12.2.dist-info/RECORD,,..typing_extensions-4.12.2.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81..typing_extensions.py,sha256=gwekpyG9DVG3lxWKX4ni8u7nk3We5slG98mA9F3DJQw,134451..

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\typing_extensions-4.12.2.dist-info\WHEEL

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	81
Entropy (8bit):	4.672346887071811
Encrypted:	false
SSDEEP:	3:RtEeX/QFM+vxP+tPCCfA5I:Rt1Qq2WBB3
MD5:	24019423EA7C0C2DF41C8272A3791E7B
SHA1:	AAE9ECFB44813B68CA525BA7FA0D988615399C86
SHA-256:	1196C6921EC87B83E865F450F08D19B8FF5592537F4EF719E83484E546ABE33E
SHA-512:	09AB8E4DAA9193CFDEE6CF98CCAE9DB0601F3DCD4944D07BF3AE6FA5BCB9DC0DCAFD369DE9A650A38D1B46C758DB0721EBA884446A8A5AD82BB745FD5DB5F9B1
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: flit 3.9.0.Root-Is-Purelib: true.Tag: py3-none-any.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\wheel-0.43.0.dist-info\INSTALLER

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txt

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1107
Entropy (8bit):	5.115074330424529
Encrypted:	false
SSDEEP:	24:PWmrRONJHLH0cPP3gtkHw1h39QHOsUv4eOk4/+jvho3nPz:ttONJbbvE/NQHOs5eNS3n7
MD5:	7FFB0DB04527CFE380E4F2726BD05EBF
SHA1:	5B39C45A91A556E5F1599604F1799E4027FA0E60
SHA-256:	30C23618679108F3E8EA1D2A658C7CA417BDFC891C98EF1A89FA4FF0C9828654
SHA-512:	205F284F3A7E8E696C70ED7B856EE98C1671C68893F0952EEC40915A383BC452B99899BDC401F9FE161A1BF9B6E2CEA3BCD90615EEE9173301657A2CE4BAFE14
Malicious:	false
Preview:	MIT License..Copyright (c) 2012 Daniel Holth <dholth@fastmail.fm> and contributors..Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR.OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERW

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\wheel-0.43.0.dist-info\METADATA

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	Unicode text, UTF-8 text
Category:	dropped
Size (bytes):	2153
Entropy (8bit):	5.088249746074878
Encrypted:	false
SSDEEP:	48:DEhpFu5MktjaywDK48d+md+7uT8RfkD1UKd+mOl1Awry:DEhpiMktjayq/7kOfsUzmbYy
MD5:	EBEA27DA14E3F453119DC72D84343E8C
SHA1:	7CEB6DBE498B69ABF4087637C6F500742FF7E2B4
SHA-256:	59BAC22B00A59D3E5608A56B8CF8EFC43831A36B72792EE4389C9CD4669C7841
SHA-512:	A41593939B9325D40CB67FD3F41CD1C9E9978F162487FB469094C41440B5F48016B9A66BE2E6E4A0406D6EEDB25CE4F5A860BA1E3DC924B81F63CEEE3AE31117
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: wheel.Version: 0.43.0.Summary: A built-package format for Python.Keywords: wheel,packaging.Author-email: Daniel Holth <dholth@fastmail.fm>.Maintainer-email: Alex Gr.nholm <alex.gronholm@nextday.fi>.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Requires-Dist: pytest >= 6.0.0 ; extra == "test".Requires-Dist: setuptools >= 65 ; extra == "test".Project-URL: Changelog, https://wheel.readthedocs.io/en/s

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\wheel-0.43.0.dist-info\RECORD

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	4557
Entropy (8bit):	5.714200636114494
Encrypted:	false
SSDEEP:	96:QXVuEmegx01TQIvFCiq9H/H7vp88FxTXiJPkGJP4CWweXQHmnDpMI78IegK5EeZR:QXVxAbYkU4CWweXQHmnDpMeV2BvTRqQF
MD5:	44D352C4997560C7BFB82D9360F5985A
SHA1:	BE58C7B8AB32790384E4E4F20865C4A88414B67A
SHA-256:	783E654742611AF88CD9F00BF01A431A219DB536556E63FF981C7BD673070AC9
SHA-512:	281B1D939A560E6A08D0606E5E8CE15F086B4B45738AB41ED6B5821968DC8D764CD6B25DB6BA562A07018C271ABF17A6BC5A380FAD05696ADF1D11EE2C5749C8
Malicious:	false
Preview:	../../bin/wheel,sha256=cT2EHbrv-J-UyUXu26cDY-0I7RgcruysJeHFanT1Xfo,249..wheel-0.43.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..wheel-0.43.0.dist-info/LICENSE.txt,sha256=MMI2GGeRCPPo6h0qZYx8pBe9_IkcmO8aifpP8MmChlQ,1107..wheel-0.43.0.dist-info/METADATA,sha256=WbrCKwClnT5WCKVrjPjvxDgxo2tyeS7kOJyc1GaceEE,2153..wheel-0.43.0.dist-info/RECORD,,..wheel-0.43.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..wheel-0.43.0.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81..wheel-0.43.0.dist-info/entry_points.txt,sha256=rTY1BbkPHhkGMm4Q3F0pIzJBzW2kMxoG1oriffvGdA0,104..wheel/__init__.py,sha256=D6jhH00eMzbgrXGAeOwVfD5i-lCAMMycuG1L0useDlo,59..wheel/__main__.py,sha256=NkMUnuTCGcOkgY0IBLgBCVC_BGGcWORx2K8jYGS12UE,455..wheel/__pycache__/__init__.cpython-312.pyc,,..wheel/__pycache__/__main__.cpython-312.pyc,,..wheel/__pycache__/_setuptools_logging.cpython-312.pyc,,..wheel/__pycache__/bdist_wheel.cpython-312.pyc,,..wheel/__pycache

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\wheel-0.43.0.dist-info\WHEEL

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	81
Entropy (8bit):	4.672346887071811
Encrypted:	false
SSDEEP:	3:RtEeX/QFM+vxP+tPCCfA5I:Rt1Qq2WBB3
MD5:	24019423EA7C0C2DF41C8272A3791E7B
SHA1:	AAE9ECFB44813B68CA525BA7FA0D988615399C86
SHA-256:	1196C6921EC87B83E865F450F08D19B8FF5592537F4EF719E83484E546ABE33E
SHA-512:	09AB8E4DAA9193CFDEE6CF98CCAE9DB0601F3DCD4944D07BF3AE6FA5BCB9DC0DCAFD369DE9A650A38D1B46C758DB0721EBA884446A8A5AD82BB745FD5DB5F9B1
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: flit 3.9.0.Root-Is-Purelib: true.Tag: py3-none-any.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\wheel-0.43.0.dist-info\entry_points.txt

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	104
Entropy (8bit):	4.271713330022269
Encrypted:	false
SSDEEP:	3:1SSAnAYgh+MWTMhk6WjrAM5t5ln:1Jb9WTMhk9jUM5t5ln
MD5:	6180E17C30BAE5B30DB371793FCE0085
SHA1:	E3A12C421562A77D90A13D8539A3A0F4D3228359
SHA-256:	AD363505B90F1E1906326E10DC5D29233241CD6DA4331A06D68AE27DFBC6740D
SHA-512:	69EAE7B1E181D7BA1D3E2864D31E1320625A375E76D3B2FBF8856B3B6515936ACE3138D4D442CABDE7576FCFBCBB0DEED054D90B95CFA1C99829DB12A9031E26
Malicious:	false
Preview:	[console_scripts].wheel=wheel.cli:main..[distutils.commands].bdist_wheel=wheel.bdist_wheel:bdist_wheel..

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\zipp-3.19.2.dist-info\INSTALLER

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\zipp-3.19.2.dist-info\LICENSE

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1023
Entropy (8bit):	5.059832621894572
Encrypted:	false
SSDEEP:	24:OrmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:OaJ8YHvEH5QHOs5exm3oEFJ
MD5:	141643E11C48898150DAA83802DBC65F
SHA1:	0445ED0F69910EEAEE036F09A39A13C6E1F37E12
SHA-256:	86DA0F01AEAE46348A3C3D465195DC1CECCDE79F79E87769A64B8DA04B2A4741
SHA-512:	EF62311602B466397BAF0B23CACA66114F8838F9E78E1B067787CEB709D09E0530E85A47BBCD4C5A0905B74FDB30DF0CC640910C6CC2E67886E5B18794A3583F
Malicious:	false
Preview:	Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEA

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\zipp-3.19.2.dist-info\METADATA

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	3575
Entropy (8bit):	5.085545958857746
Encrypted:	false
SSDEEP:	96:D0h4aC/S802Vpnu3pyt1Q+/+DeVb0ksYSwTgD:Oc/z02Vpnu3pytS+2DeVNfSwTW
MD5:	F659E7F578CE6FD3753871DBBBA1F939
SHA1:	C53B0E6A2E3D94093E2FE4978926A7439B47D43C
SHA-256:	508AE4FE43081C64B0B0A2828588B3A8CC3430C6693D1676662569400B0DFDB1
SHA-512:	2C0496B76D259259A8F1E57F3ED2224A7E3E99FF309F764C00A8377BB5BD1C94035BDDF24BD1BA637209677CB9F4E8109F84C50B3488B5B8FC372B6BEDAB9AE0
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: zipp.Version: 3.19.2.Summary: Backport of pathlib-compatible object wrapper for zip files.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Homepage, https://github.com/jaraco/zipp.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Provides-Extra: doc.Requires-Dist: sphinx >=3.5 ; extra == 'doc'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'doc'.Requires-Dist: rst.linker >=1.9 ; extra == 'doc'.Requires-Dist: furo ; extra == 'doc'.Requires-Dist: sphinx-lint ; extra == 'doc'.Requires-Dist: jaraco.tidelift >=1.4 ; extra == 'doc'.Provides-Extra: test.Requires-Dist: pytest !=8.1.*,>=6 ; extra == 'test'.Requires-Dist: pytest-checkdocs >=2.4 ; extra == 'test'.Requir

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\zipp-3.19.2.dist-info\RECORD

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1039
Entropy (8bit):	5.8094923667268965
Encrypted:	false
SSDEEP:	24:An/2zDlvbqfuiwbWk/EsJ6Xam9lpW8OWq3tW36nJA3u3iWwksYW:AnuXlzUuitk/5J6f9lpW8OW4tM6nJSkE
MD5:	1E77310EF3277C93430D969FEAC8FDFC
SHA1:	173240337F249E2A6D54206AA0D0ACB0FDED12D7
SHA-256:	F316F2E03FD9ADE7EBBC0B154706848E2BB8FD568B90935109F0D8E3CE2B9BFE
SHA-512:	68F752DAF2DBEB79644337E4DB9B8CEAEAE3606A865EDC32BE16785DC97BDCF38EF200F0EDC86DC9D71ABA72E108D2851A510F0EB598FFEA286503F0C9772E5E
Malicious:	false
Preview:	zipp-3.19.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..zipp-3.19.2.dist-info/LICENSE,sha256=htoPAa6uRjSKPD1GUZXcHOzN55956HdppkuNoEsqR0E,1023..zipp-3.19.2.dist-info/METADATA,sha256=UIrk_kMIHGSwsKKChYizqMw0MMZpPRZ2ZiVpQAsN_bE,3575..zipp-3.19.2.dist-info/RECORD,,..zipp-3.19.2.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..zipp-3.19.2.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92..zipp-3.19.2.dist-info/top_level.txt,sha256=iAbdoSHfaGqBfVb2XuR9JqSQHCoOsOtG6y9C_LSpqFw,5..zipp/__init__.py,sha256=QuI1g00G4fRAcGt-HqbV0oWIkmSgedCGGYsHHYzNa8A,13412..zipp/__pycache__/__init__.cpython-312.pyc,,..zipp/__pycache__/glob.cpython-312.pyc,,..zipp/compat/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..zipp/compat/__pycache__/__init__.cpython-312.pyc,,..zipp/compat/__pycache__/py310.cpython-312.pyc,,..zipp/compat/py310.py,sha256=eZpkW0zRtunkhEh8jjX3gCGe22emoKCBJw72Zt4RkhA,219..zipp/glob.py,sha256=etWpnfEoRyf

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\zipp-3.19.2.dist-info\WHEEL

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	92
Entropy (8bit):	4.812622295095324
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlVlFxP+tPCCfA5S:RtBMwlVTxWBBf
MD5:	43136DDE7DD276932F6197BB6D676EF4
SHA1:	6B13C105452C519EA0B65AC1A975BD5E19C50122
SHA-256:	189EEDFE4581172C1B6A02B97A8F48A14C0B5BAA3239E4CA990FBD8871553714
SHA-512:	E7712BA7D36DEB083EBCC3B641AD3E7D19FB071EE64AE3A35AD6A50EE882B20CD2E60CA1319199DF12584FE311A6266EC74F96A3FB67E59F90C7B5909668AEE1
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..

C:\Users\user\AppData\Local\Temp\_MEI63882\setuptools\_vendor\zipp-3.19.2.dist-info\top_level.txt

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	5
Entropy (8bit):	1.9219280948873623
Encrypted:	false
SSDEEP:	3:m:m
MD5:	9B929466EC7848714DE24BCF75AE57CB
SHA1:	ECC9237295CDA9B690BE094E58FAE1458A4B0389
SHA-256:	8806DDA121DF686A817D56F65EE47D26A4901C2A0EB0EB46EB2F42FCB4A9A85C
SHA-512:	C8D8967BE2B5094A5D72BA4BEF5DBDA2CBF539BF3B8B916CF86854087A12DF82B51B7BF5B6EFA79898692EFD22FAD9688058448CAAB198FB708A0E661DC685EA
Malicious:	false
Preview:	zipp.

C:\Users\user\AppData\Local\Temp\_MEI63882\typeguard-4.3.0.dist-info\INSTALLER

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\Users\user\AppData\Local\Temp\_MEI63882\typeguard-4.3.0.dist-info\LICENSE

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	Unicode text, UTF-8 text
Category:	dropped
Size (bytes):	1130
Entropy (8bit):	5.118590213496374
Encrypted:	false
SSDEEP:	24:qt4rWHvH0yPP3Gt6Hw1hP9QHmsUv48OV/+dho3BoqxFB:/S/lPvKhlQHms5QK3WmFB
MD5:	F0E423EEA5C91E7AA21BDB70184B3E53
SHA1:	A51CCDCB7A9D8C2116D1DFC16F11B3C8A5830F67
SHA-256:	6163F7987DFB38D6BC320CE2B70B2F02B862BC41126516D552EF1CD43247E758
SHA-512:	8BE742880E6E8495C7EC4C9ECC8F076A9FC9D64FC84B3AEBBC8D2D10DC62AC2C5053F33B716212DCB76C886A9C51619F262C460FC4B39A335CE1AE2C9A8769A8
Malicious:	false
Preview:	This is the MIT license: http://www.opensource.org/licenses/mit-license.php..Copyright (c) Alex Gr.nholm..Permission is hereby granted, free of charge, to any person obtaining a copy of this.software and associated documentation files (the "Software"), to deal in the Software.without restriction, including without limitation the rights to use, copy, modify, merge,.publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons.to whom the Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all copies or.substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,.INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR.PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE.FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF C

C:\Users\user\AppData\Local\Temp\_MEI63882\typeguard-4.3.0.dist-info\METADATA

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	Unicode text, UTF-8 text
Category:	dropped
Size (bytes):	3717
Entropy (8bit):	4.986068381037722
Encrypted:	false
SSDEEP:	96:DSQRbraktjaAckH94jQnJIK04Fak/grjspC3EklAJj:/Rakd4jA7ak/gvspNWmj
MD5:	B6DAAC02F66AC8403E9061881322BABE
SHA1:	9A94672CCFEA06156A5F8A321CD0626CFD233AE8
SHA-256:	CF675C1C0A744F08580855390DE87CC77D676B312582E8D4CFDB5BB8FD298D21
SHA-512:	9C6B7326C90396AA9E962C2731A1085EDB672B5696F95F552D13350843C09A246E0BBF0EC484862DFF434FA5A86DE4C0B7C963958ADE35A066B9D2384076DD47
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: typeguard.Version: 4.3.0.Summary: Run-time type checker for Python.Author-email: Alex Gr.nholm <alex.gronholm@nextday.fi>.License: MIT.Project-URL: Documentation, https://typeguard.readthedocs.io/en/latest/.Project-URL: Change log, https://typeguard.readthedocs.io/en/latest/versionhistory.html.Project-URL: Source code, https://github.com/agronholm/typeguard.Project-URL: Issue tracker, https://github.com/agronholm/typeguard/issues.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Requires-Python: >=3.8.Description-Content

C:\Users\user\AppData\Local\Temp\_MEI63882\typeguard-4.3.0.dist-info\RECORD

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2402
Entropy (8bit):	5.729208478282605
Encrypted:	false
SSDEEP:	48:eDnuX3DVED9HDDeDfPDLkAosGDlDiVoBFj7XH0H3HuwVB6Kgfkx7J/Q1NK1cQyxk:eyX3WRHDiLPjksV7I47J/Q1U6Qyx5fsJ
MD5:	D680B2881597974ACD91750E5AB61010
SHA1:	E00ED2416B5CE21641E3946905504D62D536972F
SHA-256:	48A51959582478352275428CEECD78EF77D79AC9DAE796E39A2EAF2540282552
SHA-512:	112172ACB515B0712AC58D78898EB159580ADA3DD3F16AABB37CB7A8D964F9E4BADF2869A245927B83B208D56904831C0F04ED925C95DFCB705801734FB0C7BA
Malicious:	false
Preview:	typeguard-4.3.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..typeguard-4.3.0.dist-info/LICENSE,sha256=YWP3mH37ONa8MgzitwsvArhivEESZRbVUu8c1DJH51g,1130..typeguard-4.3.0.dist-info/METADATA,sha256=z2dcHAp0TwhYCFU5Deh8x31nazElgujUz9tbuP0pjSE,3717..typeguard-4.3.0.dist-info/RECORD,,..typeguard-4.3.0.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92..typeguard-4.3.0.dist-info/entry_points.txt,sha256=qp7NQ1aLtiSgMQqo6gWlfGpy0IIXzoMJmeQTLpzqFZQ,48..typeguard-4.3.0.dist-info/top_level.txt,sha256=4z28AhuDodwRS_c1J_l8H51t5QuwfTseskYzlxp6grs,10..typeguard/__init__.py,sha256=Onh4w38elPCjtlcU3JY9k3h70NjsxXIkAflmQn-Z0FY,2071..typeguard/__pycache__/__init__.cpython-312.pyc,,..typeguard/__pycache__/_checkers.cpython-312.pyc,,..typeguard/__pycache__/_config.cpython-312.pyc,,..typeguard/__pycache__/_decorators.cpython-312.pyc,,..typeguard/__pycache__/_exceptions.cpython-312.pyc,,..typeguard/__pycache__/_functions.cpython-312.pyc,,..typeguard/__pycache__/_i

C:\Users\user\AppData\Local\Temp\_MEI63882\typeguard-4.3.0.dist-info\WHEEL

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	92
Entropy (8bit):	4.812622295095324
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlVlFxP+tPCCfA5S:RtBMwlVTxWBBf
MD5:	43136DDE7DD276932F6197BB6D676EF4
SHA1:	6B13C105452C519EA0B65AC1A975BD5E19C50122
SHA-256:	189EEDFE4581172C1B6A02B97A8F48A14C0B5BAA3239E4CA990FBD8871553714
SHA-512:	E7712BA7D36DEB083EBCC3B641AD3E7D19FB071EE64AE3A35AD6A50EE882B20CD2E60CA1319199DF12584FE311A6266EC74F96A3FB67E59F90C7B5909668AEE1
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..

C:\Users\user\AppData\Local\Temp\_MEI63882\typeguard-4.3.0.dist-info\entry_points.txt

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	48
Entropy (8bit):	4.155187698990101
Encrypted:	false
SSDEEP:	3:mWSJCQEjMitjHfLvn:mrMJHfbn
MD5:	AEAB5BCF8BF89A51C97C4CDF70578848
SHA1:	2E9C1617560AB66431AAB90700DB901985293485
SHA-256:	AA9ECD43568BB624A0310AA8EA05A57C6A72D08217CE830999E4132E9CEA1594
SHA-512:	2BE73E99296DF26A28835F91DD8BC50EB104AF06A3C54666175FAF322E0AD4620453DB0388531C4113B052A92C1D2E4C3088E25AF43CDE42AA852CF7B0CB5B05
Malicious:	false
Preview:	[pytest11].typeguard = typeguard._pytest_plugin.

C:\Users\user\AppData\Local\Temp\_MEI63882\typeguard-4.3.0.dist-info\top_level.txt

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	10
Entropy (8bit):	3.321928094887362
Encrypted:	false
SSDEEP:	3:LEJn:M
MD5:	004A2A8CE1AB120A63902A27D76BD964
SHA1:	A4E367AB40410598DADD1FC5F680ED7A176BEB09
SHA-256:	E33DBC021B83A1DC114BF73527F97C1F9D6DE50BB07D3B1EB24633971A7A82BB
SHA-512:	0D8FF9A43897AB390AB41AFE5BAC8BD38A68C2BEF88E844E5B49BF70E3164B226975CC2717AE3DC3428D1CFBB0BE068C243F104915FEE1FFA58C23FBE76FDB89
Malicious:	false
Preview:	typeguard.

C:\Users\user\AppData\Local\Temp\_MEI63882\unicodedata.pyd

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	302872
Entropy (8bit):	7.986490052260418
Encrypted:	false
SSDEEP:	6144:EtX6biS7ltWh4BvaEyS+KPUR30JlSEwV7hqoUnJG4qKOF6J:EZLS5YiyEFPPl3yqrJG4V06J
MD5:	71A9251C68EE8772F514ADAEA332E20D
SHA1:	3392737A6869B4DA869D2A0B9C597DC1355915C4
SHA-256:	8419E45441A5967C8156DA0A2A5866CB09D04CD566F8113255C930B7351F50EB
SHA-512:	4EC0B64E8ED9153305705FB247C918631EAF4407DAF20CCFB60A325EEE7485F856ADD080FB5B676A48D845E943C30A13A44671F74CD8A6A096CBD81F49F0E418
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......w...3m..3m..3m..:...5m......1m......>m......;m......0m......0m..x...1m..3m..cm......2m......2m....j.2m......2m..Rich3m..................PE..d...]..e.........." ...#.`.......0.......@................................................`.............................................X....................@..........................................................@...........................................UPX0.....0..............................UPX1.....`...@...^..................@....rsrc................b..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI63882\wheel-0.43.0.dist-info\INSTALLER

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\Users\user\AppData\Local\Temp\_MEI63882\wheel-0.43.0.dist-info\LICENSE.txt

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1107
Entropy (8bit):	5.115074330424529
Encrypted:	false
SSDEEP:	24:PWmrRONJHLH0cPP3gtkHw1h39QHOsUv4eOk4/+jvho3nPz:ttONJbbvE/NQHOs5eNS3n7
MD5:	7FFB0DB04527CFE380E4F2726BD05EBF
SHA1:	5B39C45A91A556E5F1599604F1799E4027FA0E60
SHA-256:	30C23618679108F3E8EA1D2A658C7CA417BDFC891C98EF1A89FA4FF0C9828654
SHA-512:	205F284F3A7E8E696C70ED7B856EE98C1671C68893F0952EEC40915A383BC452B99899BDC401F9FE161A1BF9B6E2CEA3BCD90615EEE9173301657A2CE4BAFE14
Malicious:	false
Preview:	MIT License..Copyright (c) 2012 Daniel Holth <dholth@fastmail.fm> and contributors..Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR.OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERW

C:\Users\user\AppData\Local\Temp\_MEI63882\wheel-0.43.0.dist-info\METADATA

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	Unicode text, UTF-8 text
Category:	dropped
Size (bytes):	2153
Entropy (8bit):	5.088249746074878
Encrypted:	false
SSDEEP:	48:DEhpFu5MktjaywDK48d+md+7uT8RfkD1UKd+mOl1Awry:DEhpiMktjayq/7kOfsUzmbYy
MD5:	EBEA27DA14E3F453119DC72D84343E8C
SHA1:	7CEB6DBE498B69ABF4087637C6F500742FF7E2B4
SHA-256:	59BAC22B00A59D3E5608A56B8CF8EFC43831A36B72792EE4389C9CD4669C7841
SHA-512:	A41593939B9325D40CB67FD3F41CD1C9E9978F162487FB469094C41440B5F48016B9A66BE2E6E4A0406D6EEDB25CE4F5A860BA1E3DC924B81F63CEEE3AE31117
Malicious:	false
Preview:	Metadata-Version: 2.1.Name: wheel.Version: 0.43.0.Summary: A built-package format for Python.Keywords: wheel,packaging.Author-email: Daniel Holth <dholth@fastmail.fm>.Maintainer-email: Alex Gr.nholm <alex.gronholm@nextday.fi>.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Requires-Dist: pytest >= 6.0.0 ; extra == "test".Requires-Dist: setuptools >= 65 ; extra == "test".Project-URL: Changelog, https://wheel.readthedocs.io/en/s

C:\Users\user\AppData\Local\Temp\_MEI63882\wheel-0.43.0.dist-info\RECORD

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	4557
Entropy (8bit):	5.714200636114494
Encrypted:	false
SSDEEP:	96:QXVuEmegx01TQIvFCiq9H/H7vp88FxTXiJPkGJP4CWweXQHmnDpMI78IegK5EeZR:QXVxAbYkU4CWweXQHmnDpMeV2BvTRqQF
MD5:	44D352C4997560C7BFB82D9360F5985A
SHA1:	BE58C7B8AB32790384E4E4F20865C4A88414B67A
SHA-256:	783E654742611AF88CD9F00BF01A431A219DB536556E63FF981C7BD673070AC9
SHA-512:	281B1D939A560E6A08D0606E5E8CE15F086B4B45738AB41ED6B5821968DC8D764CD6B25DB6BA562A07018C271ABF17A6BC5A380FAD05696ADF1D11EE2C5749C8
Malicious:	false
Preview:	../../bin/wheel,sha256=cT2EHbrv-J-UyUXu26cDY-0I7RgcruysJeHFanT1Xfo,249..wheel-0.43.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..wheel-0.43.0.dist-info/LICENSE.txt,sha256=MMI2GGeRCPPo6h0qZYx8pBe9_IkcmO8aifpP8MmChlQ,1107..wheel-0.43.0.dist-info/METADATA,sha256=WbrCKwClnT5WCKVrjPjvxDgxo2tyeS7kOJyc1GaceEE,2153..wheel-0.43.0.dist-info/RECORD,,..wheel-0.43.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..wheel-0.43.0.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81..wheel-0.43.0.dist-info/entry_points.txt,sha256=rTY1BbkPHhkGMm4Q3F0pIzJBzW2kMxoG1oriffvGdA0,104..wheel/__init__.py,sha256=D6jhH00eMzbgrXGAeOwVfD5i-lCAMMycuG1L0useDlo,59..wheel/__main__.py,sha256=NkMUnuTCGcOkgY0IBLgBCVC_BGGcWORx2K8jYGS12UE,455..wheel/__pycache__/__init__.cpython-312.pyc,,..wheel/__pycache__/__main__.cpython-312.pyc,,..wheel/__pycache__/_setuptools_logging.cpython-312.pyc,,..wheel/__pycache__/bdist_wheel.cpython-312.pyc,,..wheel/__pycache

C:\Users\user\AppData\Local\Temp\_MEI63882\wheel-0.43.0.dist-info\WHEEL

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	81
Entropy (8bit):	4.672346887071811
Encrypted:	false
SSDEEP:	3:RtEeX/QFM+vxP+tPCCfA5I:Rt1Qq2WBB3
MD5:	24019423EA7C0C2DF41C8272A3791E7B
SHA1:	AAE9ECFB44813B68CA525BA7FA0D988615399C86
SHA-256:	1196C6921EC87B83E865F450F08D19B8FF5592537F4EF719E83484E546ABE33E
SHA-512:	09AB8E4DAA9193CFDEE6CF98CCAE9DB0601F3DCD4944D07BF3AE6FA5BCB9DC0DCAFD369DE9A650A38D1B46C758DB0721EBA884446A8A5AD82BB745FD5DB5F9B1
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: flit 3.9.0.Root-Is-Purelib: true.Tag: py3-none-any.

C:\Users\user\AppData\Local\Temp\_MEI63882\wheel-0.43.0.dist-info\entry_points.txt

Download File

Process:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	104
Entropy (8bit):	4.271713330022269
Encrypted:	false
SSDEEP:	3:1SSAnAYgh+MWTMhk6WjrAM5t5ln:1Jb9WTMhk9jUM5t5ln
MD5:	6180E17C30BAE5B30DB371793FCE0085
SHA1:	E3A12C421562A77D90A13D8539A3A0F4D3228359
SHA-256:	AD363505B90F1E1906326E10DC5D29233241CD6DA4331A06D68AE27DFBC6740D
SHA-512:	69EAE7B1E181D7BA1D3E2864D31E1320625A375E76D3B2FBF8856B3B6515936ACE3138D4D442CABDE7576FCFBCBB0DEED054D90B95CFA1C99829DB12A9031E26
Malicious:	false
Preview:	[console_scripts].wheel=wheel.cli:main..[distutils.commands].bdist_wheel=wheel.bdist_wheel:bdist_wheel..

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	7.994844285042161
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	tor-browser-windows-x86_64-portable-14.0.2.exe
File size:	14'451'360 bytes
MD5:	0d471709feba575823c5d89293bddf62
SHA1:	23a969daff09442e725aafa81864c6eeae706cfb
SHA256:	eec8d8dbdc517184ddfa7353ed89e4ac4d2e6c2fefef2a8c4e2c81bb4b6a9047
SHA512:	521dc58da370ba77b54b6e93d1e8750354f5f7fee14f9c72d78741228dde1060489d2be06f3b4e9fa3e9a55349f4ca6ca43c66f74e7d2f499f8f2cd288d200d5
SSDEEP:	393216:m92LWeftByxjZL+9qzgAD7fEUNPOjMR+0:qstAjF+9qcK7fEYRr
TLSH:	A3E6332CA6E10A97F989103D9F56EC6DD552BC612B94C59F32FD316E1E2F2C4CC26E20
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Zpc.Zpc.Zpc...`.]pc...f..pc...g.Ppc.....Ypc...`.Spc...g.Kpc...f.rpc...b.Qpc.Zpb..pc.O.g.Cpc.O.a.[pc.RichZpc.........PE..d..

File Icon


Icon Hash:	0761a594a6c56317

Static PE Info

General

Entrypoint:	0x14000cdb0
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:	0x6740A02D [Fri Nov 22 15:15:57 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	72c4e339b7af8ab1ed2eb3821c98713a

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	11/03/2024 03:54:22 12/03/2025 03:54:22
Subject Chain	CN="Nine Rivers Sky Roar Commit Trade Co., Ltd.", O="Nine Rivers Sky Roar Commit Trade Co., Ltd.", L=Jiujiang, S=Jiangxi, C=CN, OID.1.3.6.1.4.1.311.60.2.1.1=Jiujiang, OID.1.3.6.1.4.1.311.60.2.1.2=Jiangxi, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91360402MACHADCC93, OID.2.5.4.15=Private Organization
Version:	3
Thumbprint MD5:	4E0565C4F6C07E840699BFFCEE8DD860
Thumbprint SHA-1:	2DAE7C97B1CE082B6FA5B6CC0786BAD87AFEF563
Thumbprint SHA-256:	79B622C069BAB2F8C1A6D838E61F062D8486C32D469980AF9BF7BC2E0DF9062F
Serial:	01F61D5311CEDD61DEE28CAA

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007FC868EDAF5Ch
dec eax
add esp, 28h
jmp 00007FC868EDAB7Fh
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
dec eax
sub esp, 28h
call 00007FC868EDB328h
test eax, eax
je 00007FC868EDAD23h
dec eax
mov eax, dword ptr [00000030h]
dec eax
mov ecx, dword ptr [eax+08h]
jmp 00007FC868EDAD07h
dec eax
cmp ecx, eax
je 00007FC868EDAD16h
xor eax, eax
dec eax
cmpxchg dword ptr [0003577Ch], ecx
jne 00007FC868EDACF0h
xor al, al
dec eax
add esp, 28h
ret
mov al, 01h
jmp 00007FC868EDACF9h
int3
int3
int3
dec eax
sub esp, 28h
test ecx, ecx
jne 00007FC868EDAD09h
mov byte ptr [00035765h], 00000001h
call 00007FC868EDA455h
call 00007FC868EDB740h
test al, al
jne 00007FC868EDAD06h
xor al, al
jmp 00007FC868EDAD16h
call 00007FC868EE825Fh
test al, al
jne 00007FC868EDAD0Bh
xor ecx, ecx
call 00007FC868EDB750h
jmp 00007FC868EDACECh
mov al, 01h
dec eax
add esp, 28h
ret
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
cmp byte ptr [0003572Ch], 00000000h
mov ebx, ecx
jne 00007FC868EDAD69h
cmp ecx, 01h
jnbe 00007FC868EDAD6Ch
call 00007FC868EDB29Eh
test eax, eax
je 00007FC868EDAD2Ah
test ebx, ebx
jne 00007FC868EDAD26h
dec eax
lea ecx, dword ptr [00035716h]
call 00007FC868EE8052h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3ca5c	0x78	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x47000	0x1ffd5	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x44000	0x2250	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0xdc5970	0x2930
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x67000	0x764	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x3a080	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x39f40	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2b000	0x4a0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x29f00	0x2a000	a6c3b829cc8eaabb1a474c227e90407f	False	0.5514206659226191	data	6.487493643901088	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x2b000	0x12a50	0x12c00	5af8068c0c981edd4ab115cacb8b8373	False	0.5245182291666667	data	5.752737698225504	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x3e000	0x53f8	0xe00	dba0caeecab624a0ccc0d577241601d1	False	0.134765625	data	1.8392217063172436	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x44000	0x2250	0x2400	181312260a85d10a1454ba38901c499b	False	0.4705946180555556	data	5.290347578351011	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x47000	0x1ffd5	0x20000	1f0a120a853ec003d8477f6b642ac27f	False	0.30507659912109375	data	6.143652768124741	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x67000	0x764	0x800	816c68eeb419ee2c08656c31c06a0fff	False	0.5576171875	data	5.2809528666624175	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x47294	0x47fe	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	1.0006511123168746
RT_ICON	0x4ba94	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 65536	0.1220424701289483
RT_ICON	0x5c2bc	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384	0.21522201228153046
RT_ICON	0x604e4	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	0.2796680497925311
RT_ICON	0x62a8c	0x1a68	Device independent bitmap graphic, 40 x 80 x 32, image size 6400	0.3235207100591716
RT_ICON	0x644f4	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	0.3829737335834897
RT_ICON	0x6559c	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	0.47090163934426227
RT_ICON	0x65f24	0x6b8	Device independent bitmap graphic, 20 x 40 x 32, image size 1600	0.5459302325581395
RT_ICON	0x665dc	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	0.5975177304964538
RT_GROUP_ICON	0x66a44	0x84	data	0.7121212121212122
RT_MANIFEST	0x66ac8	0x50d	XML 1.0 document, ASCII text	0.4694508894044857

Imports

DLL	Import
USER32.dll	CreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll
KERNEL32.dll	GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue
ADVAPI32.dll	OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll	SelectObject, DeleteObject, CreateFontIndirectW

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 23, 2024 10:32:11.846021891 CET	49711	443	192.168.2.5	104.21.35.75
Nov 23, 2024 10:32:11.846069098 CET	443	49711	104.21.35.75	192.168.2.5
Nov 23, 2024 10:32:11.846141100 CET	49711	443	192.168.2.5	104.21.35.75
Nov 23, 2024 10:32:11.846673012 CET	49711	443	192.168.2.5	104.21.35.75
Nov 23, 2024 10:32:11.846690893 CET	443	49711	104.21.35.75	192.168.2.5
Nov 23, 2024 10:32:13.067133904 CET	443	49711	104.21.35.75	192.168.2.5
Nov 23, 2024 10:32:13.067821026 CET	49711	443	192.168.2.5	104.21.35.75
Nov 23, 2024 10:32:13.067862988 CET	443	49711	104.21.35.75	192.168.2.5
Nov 23, 2024 10:32:13.069842100 CET	443	49711	104.21.35.75	192.168.2.5
Nov 23, 2024 10:32:13.069930077 CET	49711	443	192.168.2.5	104.21.35.75
Nov 23, 2024 10:32:13.071407080 CET	49711	443	192.168.2.5	104.21.35.75
Nov 23, 2024 10:32:13.071590900 CET	49711	443	192.168.2.5	104.21.35.75
Nov 23, 2024 10:32:13.071598053 CET	443	49711	104.21.35.75	192.168.2.5
Nov 23, 2024 10:32:13.071666002 CET	49711	443	192.168.2.5	104.21.35.75

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 23, 2024 10:32:11.490036011 CET	54652	53	192.168.2.5	1.1.1.1
Nov 23, 2024 10:32:11.832123041 CET	53	54652	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 23, 2024 10:32:11.490036011 CET	192.168.2.5	1.1.1.1	0xb235	Standard query (0)	steamcomunty.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 23, 2024 10:32:11.832123041 CET	1.1.1.1	192.168.2.5	0xb235	No error (0)	steamcomunty.com		104.21.35.75	A (IP address)	IN (0x0001)	false
Nov 23, 2024 10:32:11.832123041 CET	1.1.1.1	192.168.2.5	0xb235	No error (0)	steamcomunty.com		172.67.215.222	A (IP address)	IN (0x0001)	false

Target ID:	0
Start time:	04:32:03
Start date:	23/11/2024
Path:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe"
Imagebase:	0x7ff6e2150000
File size:	14'451'360 bytes
MD5 hash:	0D471709FEBA575823C5D89293BDDF62
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	04:32:06
Start date:	23/11/2024
Path:	C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe"
Imagebase:	0x7ff6e2150000
File size:	14'451'360 bytes
MD5 hash:	0D471709FEBA575823C5D89293BDDF62
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	9.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	14.9%
Total number of Nodes:	2000
Total number of Limit Nodes:	25

Executed Functions

Function 00007FF6E21589E0 Relevance: 70.3, APIs: 36, Strings: 4, Instructions: 257
synchronizationwindowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6E2159390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6E21545F4,00000000,00007FF6E2151985), ref: 00007FF6E21593C9

SetConsoleCtrlHandler.KERNEL32(?,?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158A3B
GetStartupInfoW.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158A56

Part of subcall function 00007FF6E216A47C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E216A490

Part of subcall function 00007FF6E216871C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2168783

GetCommandLineW.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158AE6
CreateProcessW.KERNELBASE ref: 00007FF6E2158B1E
GetLastError.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158B28

Part of subcall function 00007FF6E2152C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6E2153706,?,00007FF6E2153804), ref: 00007FF6E2152C9E
Part of subcall function 00007FF6E2152C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6E2153706,?,00007FF6E2153804), ref: 00007FF6E2152D63
Part of subcall function 00007FF6E2152C50: MessageBoxW.USER32 ref: 00007FF6E2152D99

RegisterClassW.USER32 ref: 00007FF6E2158B80
GetLastError.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158B8B
CreateWindowExW.USER32 ref: 00007FF6E2158BD5
GetLastError.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158BE7
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158C02
GetLastError.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158C15
PeekMessageW.USER32 ref: 00007FF6E2158C39
TranslateMessage.USER32 ref: 00007FF6E2158C47
DispatchMessageW.USER32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158C51
PeekMessageW.USER32 ref: 00007FF6E2158C6C
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158C7E
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158C99
TerminateProcess.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158CAF
GetLastError.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158CB9
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158CC7
DestroyWindow.USER32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158E04
GetExitCodeProcess.KERNELBASE ref: 00007FF6E2158E19
CloseHandle.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158E22
CloseHandle.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158E2F

Strings

Failed to create child process!, xrefs: 00007FF6E2158B30
PyInstaller Onefile Hidden Window, xrefs: 00007FF6E2158B95
CreateProcessW, xrefs: 00007FF6E2158B37
PyInstallerOnefileHiddenWindow, xrefs: 00007FF6E2158B54

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
API String ID: 3832162212-3165540532
Opcode ID: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
Instruction ID: d34f318321396c6ef3bccb8f269c3551d5259abaa500b26c299c64c913794145
Opcode Fuzzy Hash: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
Instruction Fuzzy Hash: 9FD13E32E08A8686E7109F34E8543EA2766FF8575CF400235DB5EC2AA4DFBDD7858705

Function 00007FF6E2151000 Relevance: 60.0, APIs: 6, Strings: 28, Instructions: 509
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Failed to convert DLL search path!, xrefs: 00007FF6E2153DD4
Failed to load Tcl/Tk shared libraries for splash screen!, xrefs: 00007FF6E2153EB3
Failed to start splash screen!, xrefs: 00007FF6E2153ECC
Path exceeds PYI_PATH_MAX limit., xrefs: 00007FF6E2153D12
pyi-contents-directory, xrefs: 00007FF6E2153B8D
Failed to initialize security descriptor for temporary directory!, xrefs: 00007FF6E2153C61
_PYI_APPLICATION_HOME_DIR not set for onefile child process!, xrefs: 00007FF6E2153D35
Could not load PyInstaller's embedded PKG archive from the executable (%s), xrefs: 00007FF6E2153971
pyi-runtime-tmpdir, xrefs: 00007FF6E2153B68
Could not side-load PyInstaller's PKG archive from external file (%s), xrefs: 00007FF6E21539DE
_PYI_PARENT_PROCESS_LEVEL, xrefs: 00007FF6E2153A17, 00007FF6E2153A2F, 00007FF6E2153A9B
Failed to load splash screen resources!, xrefs: 00007FF6E2153E7D
Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s, xrefs: 00007FF6E2153B32
Py_GIL_DISABLED, xrefs: 00007FF6E2153AF4
PYINSTALLER_STRICT_UNPACK_MODE, xrefs: 00007FF6E2153BE8
pkg, xrefs: 00007FF6E21539BE
MEI, xrefs: 00007FF6E2153933
pyi-disable-windowed-traceback, xrefs: 00007FF6E2153BB2
Could not create temporary directory!, xrefs: 00007FF6E2153CBF
_PYI_ARCHIVE_FILE, xrefs: 00007FF6E21538D2, 00007FF6E21539FF
PYINSTALLER_RESET_ENVIRONMENT, xrefs: 00007FF6E2153882, 00007FF6E21538AF
PYINSTALLER_SUPPRESS_SPLASH_SCREEN, xrefs: 00007FF6E2153E02
_PYI_SPLASH_IPC, xrefs: 00007FF6E2153A23, 00007FF6E2153EED
Failed to unpack splash screen dependencies from PKG archive!, xrefs: 00007FF6E2153E9E
VCRUNTIME140.dll, xrefs: 00007FF6E2153DA9
pyi-python-flag, xrefs: 00007FF6E2153AD6
_PYI_APPLICATION_HOME_DIR, xrefs: 00007FF6E2153A0B, 00007FF6E2153CD4, 00007FF6E2153F63
Failed to remove temporary directory: %s, xrefs: 00007FF6E2153FC7

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ErrorFileLastModuleName
String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
API String ID: 2776309574-4232158417
Opcode ID: 1c0c080c3661273316168b0c257fe8fed071b4bd607a6398fd676193384e9d95
Instruction ID: fad8cc674aa4c5e35a163e9aed1c6309e523e12c0ecdb3f728acf6881d5253ff
Opcode Fuzzy Hash: 1c0c080c3661273316168b0c257fe8fed071b4bd607a6398fd676193384e9d95
Instruction Fuzzy Hash: AA329E23E4C68691FA15DB24D4543F92293AF85788F8440B2DB4DC32D6EFAEE754C30A

Function 00007FF6E2175C00 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 334
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_get_daylight.LIBCMT ref: 00007FF6E2175C45

Part of subcall function 00007FF6E2175598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E21755AC

Part of subcall function 00007FF6E216A948: RtlFreeHeap.NTDLL(?,?,?,00007FF6E2172D22,?,?,?,00007FF6E2172D5F,?,?,00000000,00007FF6E2173225,?,?,?,00007FF6E2173157), ref: 00007FF6E216A95E
Part of subcall function 00007FF6E216A948: GetLastError.KERNEL32(?,?,?,00007FF6E2172D22,?,?,?,00007FF6E2172D5F,?,?,00000000,00007FF6E2173225,?,?,?,00007FF6E2173157), ref: 00007FF6E216A968

Part of subcall function 00007FF6E216A900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6E216A8DF,?,?,?,?,?,00007FF6E216A7CA), ref: 00007FF6E216A909
Part of subcall function 00007FF6E216A900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6E216A8DF,?,?,?,?,?,00007FF6E216A7CA), ref: 00007FF6E216A92E

_get_daylight.LIBCMT ref: 00007FF6E2175C34

Part of subcall function 00007FF6E21755F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E217560C

_get_daylight.LIBCMT ref: 00007FF6E2175EAA
_get_daylight.LIBCMT ref: 00007FF6E2175EBB
_get_daylight.LIBCMT ref: 00007FF6E2175ECC
GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6E217610C), ref: 00007FF6E2175EF3

Strings

Eastern Summer Time, xrefs: 00007FF6E2175FB1
Eastern Standard Time, xrefs: 00007FF6E2175F99

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 4070488512-239921721
Opcode ID: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
Instruction ID: c21f94be5ef94d7bb4a99adc6697a178678c1d8f23b357d24c335c03a63720ff
Opcode Fuzzy Hash: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
Instruction Fuzzy Hash: DAD1BC23E1824296E7249F25D8803F96762EBC6788F448035EF0DC76D5DFBEE641874A

Function 00007FF6E2176964 Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6E2176698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E21766D9
Part of subcall function 00007FF6E2176698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2176757
Part of subcall function 00007FF6E2176698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E21767A8

CreateFileW.KERNELBASE ref: 00007FF6E2176A6A
CreateFileW.KERNEL32 ref: 00007FF6E2176ABA
GetLastError.KERNEL32 ref: 00007FF6E2176AEA
GetFileType.KERNELBASE ref: 00007FF6E2176AFF
GetLastError.KERNEL32 ref: 00007FF6E2176B09
CloseHandle.KERNEL32 ref: 00007FF6E2176B3C
CloseHandle.KERNEL32 ref: 00007FF6E2176C9F
CreateFileW.KERNEL32 ref: 00007FF6E2176CD4
GetLastError.KERNEL32 ref: 00007FF6E2176CE3

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
String ID:
API String ID: 1617910340-0
Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
Instruction ID: 0d847bccb3289a34f2cba70938e7d9977cbf713cc589450f8c2d6dc6fccd3c3e
Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
Instruction Fuzzy Hash: 2EC1AD33F28A8585EB10CFA9C4902AC3762EB8AB98B010225DB1ED77D4CF7AD651C305

Function 00007FF6E21583C0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 89
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE(?,00007FF6E2158919,00007FF6E2153F9D), ref: 00007FF6E215842B
RemoveDirectoryW.KERNEL32(?,00007FF6E2158919,00007FF6E2153F9D), ref: 00007FF6E21584AE
DeleteFileW.KERNELBASE(?,00007FF6E2158919,00007FF6E2153F9D), ref: 00007FF6E21584CD
FindNextFileW.KERNELBASE(?,00007FF6E2158919,00007FF6E2153F9D), ref: 00007FF6E21584DB
FindClose.KERNELBASE(?,00007FF6E2158919,00007FF6E2153F9D), ref: 00007FF6E21584EC
RemoveDirectoryW.KERNELBASE(?,00007FF6E2158919,00007FF6E2153F9D), ref: 00007FF6E21584F5

Strings

%s\*, xrefs: 00007FF6E21583F2

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
String ID: %s\*
API String ID: 1057558799-766152087
Opcode ID: 7c12b01ff297979e1ecdf005a6213684df6049b407edb1b83f88227167b7eee2
Instruction ID: 9cecd306de45bf0d5a2691eabb3e9b2d1649b7ecf0d442e53a0356671f710a82
Opcode Fuzzy Hash: 7c12b01ff297979e1ecdf005a6213684df6049b407edb1b83f88227167b7eee2
Instruction Fuzzy Hash: E5418F23E4C54681EA209F20F4483FA63A2FB95758F410272DB9EC26C4DFAED785C706

Function 00007FF6E2175E7C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_get_daylight.LIBCMT ref: 00007FF6E2175EAA

Part of subcall function 00007FF6E21755F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E217560C

_get_daylight.LIBCMT ref: 00007FF6E2175EBB

Part of subcall function 00007FF6E2175598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E21755AC

_get_daylight.LIBCMT ref: 00007FF6E2175ECC

Part of subcall function 00007FF6E21755C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E21755DC

Part of subcall function 00007FF6E216A948: RtlFreeHeap.NTDLL(?,?,?,00007FF6E2172D22,?,?,?,00007FF6E2172D5F,?,?,00000000,00007FF6E2173225,?,?,?,00007FF6E2173157), ref: 00007FF6E216A95E
Part of subcall function 00007FF6E216A948: GetLastError.KERNEL32(?,?,?,00007FF6E2172D22,?,?,?,00007FF6E2172D5F,?,?,00000000,00007FF6E2173225,?,?,?,00007FF6E2173157), ref: 00007FF6E216A968

GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6E217610C), ref: 00007FF6E2175EF3

Strings

Eastern Summer Time, xrefs: 00007FF6E2175FB1
Eastern Standard Time, xrefs: 00007FF6E2175F99

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 3458911817-239921721
Opcode ID: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
Instruction ID: 99d2a59c9df3fa0981c408bdb53a70e523697dc7540e0f17aadc0cc14e9d67e3
Opcode Fuzzy Hash: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
Instruction Fuzzy Hash: C8519B33E0864286E720DF25D8813E96762FB89788F404135EB0DC36D5DFBEE600874A

Function 00007FF6E2159280 Relevance: 3.0, APIs: 2, Instructions: 29COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNELBASE ref: 00007FF6E21592B3
FindClose.KERNELBASE ref: 00007FF6E21592C2

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
Instruction ID: dafe307e0607b00f08d51c152ec2e7c48ee04cff9de743b5296253bb86369ae2
Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
Instruction Fuzzy Hash: DBF0A423E1864186F7608B60F4887B67351BB8432CF040235DB6EC2AD4DF7DD248CA09

Function 00007FF6E2151950 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 184
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6E2157F90: _fread_nolock.LIBCMT ref: 00007FF6E215803A

_fread_nolock.LIBCMT ref: 00007FF6E2151A1B

Part of subcall function 00007FF6E2152910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6E2151B6A), ref: 00007FF6E215295E

Strings

MEI, xrefs: 00007FF6E2151991
Failed to seek to cookie position!, xrefs: 00007FF6E21519EE
calloc, xrefs: 00007FF6E2151A68
malloc, xrefs: 00007FF6E2151B22
Error on file., xrefs: 00007FF6E2151B8D
Could not read full TOC!, xrefs: 00007FF6E2151B55
Could not allocate memory for archive structure!, xrefs: 00007FF6E2151A61
Could not allocate buffer for TOC!, xrefs: 00007FF6E2151B1B
fseek, xrefs: 00007FF6E21519F5
Failed to read cookie!, xrefs: 00007FF6E2151A2B
fread, xrefs: 00007FF6E2151A32, 00007FF6E2151B5C

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _fread_nolock$CurrentProcess
String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
API String ID: 2397952137-3497178890
Opcode ID: 70c875ae13451ebc6921e11026a808857521fb963ce313c5eb273bd5d0283093
Instruction ID: e280768a830f528bfaf53595ea54fdf141a7295d116ef14f411f5e8142ff26dd
Opcode Fuzzy Hash: 70c875ae13451ebc6921e11026a808857521fb963ce313c5eb273bd5d0283093
Instruction Fuzzy Hash: 96818273E0868686EB21DB14D0803F923A3AF85748F444475EB4EC7785DEBEE745874A

Function 00007FF6E2151600 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF6E21516DA
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF6E21517DF
malloc, xrefs: 00007FF6E2151749
fwrite, xrefs: 00007FF6E21517D1
Failed to extract %s: failed to open target file!, xrefs: 00007FF6E215165C
Failed to extract %s: failed to allocate temporary buffer!, xrefs: 00007FF6E2151742
fopen, xrefs: 00007FF6E2151663
Failed to extract %s: failed to open archive file!, xrefs: 00007FF6E21516A2
Failed to create symbolic link %s!, xrefs: 00007FF6E2151622
Failed to extract %s: failed to write data chunk!, xrefs: 00007FF6E21517CA
fseek, xrefs: 00007FF6E21516E1
fread, xrefs: 00007FF6E21517E6

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
API String ID: 2050909247-1550345328
Opcode ID: 699b07d72f1735d7c885b9dbb6de8a58e33d3d0405fcbb6628763dd0b7ee24f4
Instruction ID: 14f70254904721b0c814fe08b53c9a12940062c80676413d58f49948e9547f18
Opcode Fuzzy Hash: 699b07d72f1735d7c885b9dbb6de8a58e33d3d0405fcbb6628763dd0b7ee24f4
Instruction Fuzzy Hash: 5F51AC63E4864282EA11AB55D4402E92393BF8179CF484571EF1DC77D2DFBEE744830A

Function 00007FF6E2158660 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 116
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTempPathW.KERNEL32(?,?,00000000,00007FF6E2153CBB), ref: 00007FF6E2158704
GetCurrentProcessId.KERNEL32(?,00000000,00007FF6E2153CBB), ref: 00007FF6E215870A
CreateDirectoryW.KERNELBASE(?,00000000,00007FF6E2153CBB), ref: 00007FF6E215874C

Part of subcall function 00007FF6E2158830: GetEnvironmentVariableW.KERNEL32(00007FF6E215388E), ref: 00007FF6E2158867
Part of subcall function 00007FF6E2158830: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6E2158889

Part of subcall function 00007FF6E2168238: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2168251

Part of subcall function 00007FF6E2152810: MessageBoxW.USER32 ref: 00007FF6E21528EA

Strings

TMP, xrefs: 00007FF6E215869C, 00007FF6E21587A3
_MEI%d, xrefs: 00007FF6E2158712
LOADER: length of teporary directory path exceeds maximum path length!, xrefs: 00007FF6E215877E
LOADER: failed to set the TMP environment variable., xrefs: 00007FF6E21586DC
TMP, xrefs: 00007FF6E21586C2

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
API String ID: 3563477958-1339014028
Opcode ID: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
Instruction ID: b6b1e06ab56150865575e8018c6460c5ad60f7de8c75506e6a76c0b049cfb0fc
Opcode Fuzzy Hash: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
Instruction Fuzzy Hash: DE41B523E2964644EA20AB65A8513F91293AF857CCF810071DF0DC77DADEBED745C24A

Function 00007FF6E2151210 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 158
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Failed to extract %s: decompression resulted in return code %d!, xrefs: 00007FF6E215141E
malloc, xrefs: 00007FF6E21512C1, 00007FF6E21512F6
Failed to extract %s: failed to allocate temporary input buffer!, xrefs: 00007FF6E21512BA
1.3.1, xrefs: 00007FF6E2151249
Failed to extract %s: inflateInit() failed with return code %d!, xrefs: 00007FF6E2151276
Failed to extract %s: failed to allocate temporary output buffer!, xrefs: 00007FF6E21512EF

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CurrentProcess
String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
API String ID: 2050909247-2813020118
Opcode ID: b715c76ab38b7b4dfee5c32bc52a61b3ea5d4668c2ab7e2166fd60b1101cc4ae
Instruction ID: 8c5a92bd6e53f7045fc4d07042ef86adc34abfbca8375d64d92e7f31b9c8af18
Opcode Fuzzy Hash: b715c76ab38b7b4dfee5c32bc52a61b3ea5d4668c2ab7e2166fd60b1101cc4ae
Instruction Fuzzy Hash: 5451DF23E4864285EA61AB11E4503FA6293BF81798F480175EF0DC77C5EFBEE641C70A

Function 00007FF6E216ED10 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?,?,?,00007FF6E216F0AA,?,?,-00000018,00007FF6E216AD53,?,?,?,00007FF6E216AC4A,?,?,?,00007FF6E2165F3E), ref: 00007FF6E216EE8C
GetProcAddress.KERNEL32(?,?,?,00007FF6E216F0AA,?,?,-00000018,00007FF6E216AD53,?,?,?,00007FF6E216AC4A,?,?,?,00007FF6E2165F3E), ref: 00007FF6E216EE98

Strings

api-ms-, xrefs: 00007FF6E216EDD6
ext-ms-, xrefs: 00007FF6E216EDE9

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
Instruction ID: 02a5e0b0d5784069128e0ac7d93baa69024115d0f734a7f67243c0751cba561d
Opcode Fuzzy Hash: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
Instruction Fuzzy Hash: 8A41F933F2D60141EA15CB56D8407F92293BF49B98F984639DE1DC7384EFBEE6058209

Function 00007FF6E21536B0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32(?,00007FF6E2153804), ref: 00007FF6E21536E1
GetLastError.KERNEL32(?,00007FF6E2153804), ref: 00007FF6E21536EB

Part of subcall function 00007FF6E2152C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6E2153706,?,00007FF6E2153804), ref: 00007FF6E2152C9E
Part of subcall function 00007FF6E2152C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6E2153706,?,00007FF6E2153804), ref: 00007FF6E2152D63
Part of subcall function 00007FF6E2152C50: MessageBoxW.USER32 ref: 00007FF6E2152D99

Strings

Failed to convert executable path to UTF-8., xrefs: 00007FF6E2153790
GetModuleFileNameW, xrefs: 00007FF6E21536FA
\\?\, xrefs: 00007FF6E215375A
Failed to obtain executable path., xrefs: 00007FF6E21536F3
Failed to resolve full path to executable %ls., xrefs: 00007FF6E2153739

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
API String ID: 3187769757-2863816727
Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
Instruction ID: 2bd2243f81b6cd83946e9cb5a380921d6839b4a9877ad4fb7bbf521e3f0b8684
Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
Instruction Fuzzy Hash: E1219F63F5864281FA209B20E8443FA2252BF8834CF800172E75EC75D5EEAEE705C34A

Function 00007FF6E216BA5C Relevance: 10.8, APIs: 7, Instructions: 290
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E216BE89

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: bd5e670e2ac73c9d5051395424effa1a9c5fa8f9f080fcfac4df12f3bd03b0fb
Instruction ID: 492d430053e0d7cf1c2dbfa9cb2693a0f9569cbe61735da1678834133986f1ef
Opcode Fuzzy Hash: bd5e670e2ac73c9d5051395424effa1a9c5fa8f9f080fcfac4df12f3bd03b0fb
Instruction Fuzzy Hash: 8AC1F033D2868681E6608B1590803FD6B52EB81B98F550131EB4ED7791CEFFE745870A

Function 00007FF6E2158570 Relevance: 10.6, APIs: 7, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF6E2158590
OpenProcessToken.ADVAPI32 ref: 00007FF6E21585A3
GetTokenInformation.KERNELBASE ref: 00007FF6E21585C8
GetLastError.KERNEL32 ref: 00007FF6E21585D2
GetTokenInformation.KERNELBASE ref: 00007FF6E2158612
ConvertSidToStringSidW.ADVAPI32 ref: 00007FF6E215862E
CloseHandle.KERNEL32 ref: 00007FF6E2158646

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
String ID:
API String ID: 995526605-0
Opcode ID: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
Instruction ID: 4323e6d103b4b3498319d9643d724ab856bddbdb4d8cd012e415deaf337ec80e
Opcode Fuzzy Hash: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
Instruction Fuzzy Hash: 17216432E0C64641EB108B59F4443AAA3A2FFC17A8F500235E76DC3AD4DFADD6458745

Function 00007FF6E21590E0 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 64
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6E2158570: GetCurrentProcess.KERNEL32 ref: 00007FF6E2158590
Part of subcall function 00007FF6E2158570: OpenProcessToken.ADVAPI32 ref: 00007FF6E21585A3
Part of subcall function 00007FF6E2158570: GetTokenInformation.KERNELBASE ref: 00007FF6E21585C8
Part of subcall function 00007FF6E2158570: GetLastError.KERNEL32 ref: 00007FF6E21585D2
Part of subcall function 00007FF6E2158570: GetTokenInformation.KERNELBASE ref: 00007FF6E2158612
Part of subcall function 00007FF6E2158570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF6E215862E
Part of subcall function 00007FF6E2158570: CloseHandle.KERNEL32 ref: 00007FF6E2158646

LocalFree.KERNEL32(?,00007FF6E2153C55), ref: 00007FF6E215916C
LocalFree.KERNEL32(?,00007FF6E2153C55), ref: 00007FF6E2159175

Strings

D:(A;;FA;;;%s), xrefs: 00007FF6E2159157
D:(A;;FA;;;%s)(A;;FA;;;%s), xrefs: 00007FF6E2159142
S-1-3-4, xrefs: 00007FF6E2159121
Security descriptor string length exceeds PYI_PATH_MAX!, xrefs: 00007FF6E2159183

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
API String ID: 6828938-1529539262
Opcode ID: 5ed7a9ba3e6ce910408607b93085540bd422a8d0f9e00f9f84049ca226c14b37
Instruction ID: ca79256b2201b0e9c25f9119f18bf51f1d685f183fb2bcda15a90feb3d907493
Opcode Fuzzy Hash: 5ed7a9ba3e6ce910408607b93085540bd422a8d0f9e00f9f84049ca226c14b37
Instruction Fuzzy Hash: 29217E23E0874281F610AB50E8553EA62A2FF89788F444071EB4DC37C6DFBEDA44C786

Function 00007FF6E2157E20 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(00000000,?,00007FF6E215352C,?,00000000,00007FF6E2153F1B), ref: 00007FF6E2157F32

Strings

%.*s, xrefs: 00007FF6E2157EEB
\, xrefs: 00007FF6E2157E97
%s%c, xrefs: 00007FF6E2157EA4

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CreateDirectory
String ID: %.*s$%s%c$\
API String ID: 4241100979-1685191245
Opcode ID: 302ffdc47f1f131389ecc473fe7ae023bae846d875cccfc6523225b15fd92315
Instruction ID: c463de639151b2a20e2dccdaefdc30b5360a639a126e70f1264d9c112f97a014
Opcode Fuzzy Hash: 302ffdc47f1f131389ecc473fe7ae023bae846d875cccfc6523225b15fd92315
Instruction Fuzzy Hash: 8B31E122F19AC545EA218B20E8503EA6256FB84BE8F040231EF6DC7BC9DF6DD3028705

Function 00007FF6E216CF60 Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6E216CF4B), ref: 00007FF6E216D07C
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6E216CF4B), ref: 00007FF6E216D107

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
Instruction ID: bbe36dfc50154ff811872fef0901d9746f4721379bd6ee3374ba3ef7169d3319
Opcode Fuzzy Hash: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
Instruction Fuzzy Hash: 0791B633E2865145F7509F6598803FD27A2BB4478CF544139DF0ED6684DFBAD642C70A

Function 00007FF6E216F98C Relevance: 6.2, APIs: 4, Instructions: 162COMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF6E216FA7C
_get_daylight.LIBCMT ref: 00007FF6E216FA8D
_get_daylight.LIBCMT ref: 00007FF6E216FA9E
_isindst.LIBCMT ref: 00007FF6E216FB69

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _get_daylight$_isindst
String ID:
API String ID: 4170891091-0
Opcode ID: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
Instruction ID: 79549f2cd96a98e9e411ca4400af2d3accca44a6a7150b61b93e2ad45f33d56a
Opcode Fuzzy Hash: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
Instruction Fuzzy Hash: 4F511473F142528AEB28CF6499913FC2762AB4435CF140235DF1ED2AE5DF79A602C705

Function 00007FF6E216577C Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE ref: 00007FF6E21657AF
GetFileInformationByHandle.KERNELBASE ref: 00007FF6E2165811
GetLastError.KERNEL32 ref: 00007FF6E21658A2
PeekNamedPipe.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6E21656B4), ref: 00007FF6E21658EE

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: File$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 2780335769-0
Opcode ID: 6aefb500db5e0848cb3e1a230f039049599ff649377a7022c72adab745f1037c
Instruction ID: 14e35ba40ae6f47b8af5e0545336bc8860c4aaa4d73f5676cdd2c989ddd3b2a8
Opcode Fuzzy Hash: 6aefb500db5e0848cb3e1a230f039049599ff649377a7022c72adab745f1037c
Instruction Fuzzy Hash: 13517B33E286419AFB10CF65D4903BD27A6AB48B9CF108434DF49C7A88DFB9D6808706

Function 00007FF6E2165628 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2165655
CreateFileW.KERNELBASE ref: 00007FF6E2165694
CloseHandle.KERNEL32 ref: 00007FF6E21656C9

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CloseCreateFileHandle_invalid_parameter_noinfo
String ID:
API String ID: 1279662727-0
Opcode ID: 8f3d5377b4ca72f71b0fe910297a4b2920b1cd85568e136600ee028e7f718979
Instruction ID: 4c8c9976b9b00495593ec1a5b1f6a18b4f3f91f93af2ad3f720d123519577c2e
Opcode Fuzzy Hash: 8f3d5377b4ca72f71b0fe910297a4b2920b1cd85568e136600ee028e7f718979
Instruction Fuzzy Hash: 1B41B233D2878293E3108B20D5903BD6262FB943A8F108334E79C83AD1DFADA2E08745

Function 00007FF6E215CC3C Relevance: 4.6, APIs: 3, Instructions: 94COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6E215CE0C: __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF6E215CE20

__scrt_acquire_startup_lock.LIBCMT ref: 00007FF6E215CC60
__scrt_release_startup_lock.LIBCMT ref: 00007FF6E215CCCE
__scrt_get_show_window_mode.LIBCMT ref: 00007FF6E215CD21

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
String ID:
API String ID: 3251591375-0
Opcode ID: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
Instruction ID: c146bd5e7abf35718aaa6020d33936ce2044c7f1bb20c4d66abb7160ae859cec
Opcode Fuzzy Hash: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
Instruction Fuzzy Hash: 9E310823E8814742FA14AB65D4613F91683AF9538CF4454B4DB0EC72E3DEAFA704824B

Function 00007FF6E2169A30 Relevance: 4.5, APIs: 3, Instructions: 14COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,00007FF6E2169A2C), ref: 00007FF6E2169A41
TerminateProcess.KERNEL32(?,?,?,00007FF6E2169A2C), ref: 00007FF6E2169A4C
ExitProcess.KERNEL32 ref: 00007FF6E2169A5B

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 148d460979eed4a43ebbf671c65dc2dc638c0d89c9c01e8e00358d5495882c84
Instruction ID: 70789bed07e5b05ce9050992da6ebba834131a8f4610f79bd5c3d0b5dfc5e63c
Opcode Fuzzy Hash: 148d460979eed4a43ebbf671c65dc2dc638c0d89c9c01e8e00358d5495882c84
Instruction Fuzzy Hash: 12D06722F1870643EA142B70A8992FD12976F89719B141438CA0BC6393DEAFAB49424B

Function 00007FF6E216013C Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2160180
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2160277

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
Instruction ID: 30c3763d89886e07d4315b4f6fe4fda6d624e3a475df585e20560161f028a5ef
Opcode Fuzzy Hash: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
Instruction Fuzzy Hash: 4B51A533E29241C6E6249A2594407FE6692BF44BACF184638DF6DC37C5CEFED641860A

Function 00007FF6E216C134 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNELBASE(?,?,?,?,?,00007FF6E216C2CD), ref: 00007FF6E216C180
GetLastError.KERNEL32(?,?,?,?,?,00007FF6E216C2CD), ref: 00007FF6E216C18A

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
Instruction ID: fc239428f3a6f8c1d01bab348f449e7ef3cfe90046669e426bd1b90bc14303dc
Opcode Fuzzy Hash: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
Instruction Fuzzy Hash: BF11D332A18A4181DA208B15E8442AD6262AB51BF8F540331EB7DC77D4CEBDD2508705

Function 00007FF6E2165924 Relevance: 3.0, APIs: 2, Instructions: 40timeCOMMON

Download Yara Rule

APIs

FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6E2165839), ref: 00007FF6E2165957
SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6E2165839), ref: 00007FF6E216596D

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Time$System$FileLocalSpecific
String ID:
API String ID: 1707611234-0
Opcode ID: 497c6f3b45805196ef8f930e068bad9451f3f50de380bc241881b145e929bf5b
Instruction ID: 25466b283d67363eb08b3168fbe6daa45e92ea5eae636ce9aec0285396e088d7
Opcode Fuzzy Hash: 497c6f3b45805196ef8f930e068bad9451f3f50de380bc241881b145e929bf5b
Instruction Fuzzy Hash: D611B232A1C60281EB144F04E4903BFB761EB85779F500235FB9AC1AD4EFADD254CB05

Function 00007FF6E216A948 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,?,?,00007FF6E2172D22,?,?,?,00007FF6E2172D5F,?,?,00000000,00007FF6E2173225,?,?,?,00007FF6E2173157), ref: 00007FF6E216A95E
GetLastError.KERNEL32(?,?,?,00007FF6E2172D22,?,?,?,00007FF6E2172D5F,?,?,00000000,00007FF6E2173225,?,?,?,00007FF6E2173157), ref: 00007FF6E216A968

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
Instruction ID: 2b7bb5caf54601de81718cb3568a320cb6d12908abee972b8ace5ab0a43008a3
Opcode Fuzzy Hash: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
Instruction Fuzzy Hash: 7BE08622F2920282FF155BF1D4953FD12536FC5B08F450030CB0EC2291DEAE6B81831A

Function 00007FF6E216AB58 Relevance: 2.6, APIs: 2, Instructions: 59COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,?,00007FF6E216A9D5,?,?,00000000,00007FF6E216AA8A), ref: 00007FF6E216ABC6
GetLastError.KERNEL32(?,?,?,00007FF6E216A9D5,?,?,00000000,00007FF6E216AA8A), ref: 00007FF6E216ABD0

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CloseErrorHandleLast
String ID:
API String ID: 918212764-0
Opcode ID: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
Instruction ID: 8af83a48d930e2481a7f8504f8b280fc53c269beb8ca2e5512b1937eac560a3d
Opcode Fuzzy Hash: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
Instruction Fuzzy Hash: AE218033F2868641EAA0575194D03FD16839F84799F084239DB2EC77D1CEEEE645430A

Function 00007FF6E216BEAC Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E216BED4

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
Instruction ID: bc4c7fcf9ad18f5357ab9ef51cba9ed6663c0d754578cc927a6373d5b4e39766
Opcode Fuzzy Hash: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
Instruction Fuzzy Hash: 7D41B333D2824187EA248B19A5903BD77A2EB55748F140131DB8FD36D1CFAEE702CB56

Function 00007FF6E2157F90 Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

_fread_nolock.LIBCMT ref: 00007FF6E215803A

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _fread_nolock
String ID:
API String ID: 840049012-0
Opcode ID: 8f4ba5022fc30e0ba7cf4537500ecc8a70287c5e6e532bbcdc4af1ac85e1c2ee
Instruction ID: 109f8931e339dbb2203410112c125ae6b6be11d81210b76afb8625317c638c7a
Opcode Fuzzy Hash: 8f4ba5022fc30e0ba7cf4537500ecc8a70287c5e6e532bbcdc4af1ac85e1c2ee
Instruction Fuzzy Hash: 64219322F5865586EB509B2274043FA9642BF45BC8F894570EF0DC7786DEFEE281C20A

Function 00007FF6E216B93C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E216B9C2

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 0fe3e981c7cf3185d146a9a4244026f2f164e791e6f92d2a50fd94940550a020
Instruction ID: 194d74d16e6a73733035c7f928ed1f22a79c56efce7a1825664ded22063e102f
Opcode Fuzzy Hash: 0fe3e981c7cf3185d146a9a4244026f2f164e791e6f92d2a50fd94940550a020
Instruction Fuzzy Hash: A0314F73E3860285E6215F5584813FD2692AB80B98F510135EB5ED73D2CEFEE741871B

Function 00007FF6E2169961 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6E216998F

Part of subcall function 00007FF6E2169A88: GetModuleHandleExW.KERNEL32 ref: 00007FF6E2169AAD
Part of subcall function 00007FF6E2169A88: GetProcAddress.KERNEL32 ref: 00007FF6E2169AC3
Part of subcall function 00007FF6E2169A88: FreeLibrary.KERNEL32 ref: 00007FF6E2169AEA

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID:
API String ID: 3947729631-0
Opcode ID: 42808d7c08696a35870eb95595f0ae95ff90971c005bfc8769c42bb91e99b0de
Instruction ID: 8b86f537d065719becd4bb556afaaf2c0d4318d5edcd1b0ce627b8a4d048b6a3
Opcode Fuzzy Hash: 42808d7c08696a35870eb95595f0ae95ff90971c005bfc8769c42bb91e99b0de
Instruction Fuzzy Hash: 60214873E24A458AEB248F64C4803EC32A1FB4471CF44463AD76D86A95DFB99688C746

Function 00007FF6E2165F94 Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2165EF9

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
Instruction ID: 76f563a76c1fed680811b9f7e66cad760f45e5995727c7e35f74b097dceb3ff8
Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
Instruction Fuzzy Hash: 0F119633E3C64285EE609F5194803FDA666BF85B88F544431EB4CD7A96CFBED600874A

Function 00007FF6E2176354 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2176377

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
Instruction ID: f238275630b9d07fa206712b732f1cd0be768266f3d93338a05784b6060caf09
Opcode Fuzzy Hash: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
Instruction Fuzzy Hash: EF219033A18A8186DB608F18D4803AA77A2BBC5B98F144234E75EC66D9DF7ED901CB05

Function 00007FF6E21603BC Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2160410

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
Instruction ID: a8e9193938e96db4a6899d2125effc54e388453fb9c83d684b9fe25ccc9e535f
Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
Instruction Fuzzy Hash: DF01C232E2874180E914DB5299402FDA692BF81FE8F484674EF5CD3BD6CEBED6018305

Function 00007FF6E216D5FC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,?,00007FF6E2160C90,?,?,?,00007FF6E21622FA,?,?,?,?,?,00007FF6E2163AE9), ref: 00007FF6E216D63A

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
Instruction ID: 1b729a97783a4f9e648918843534332faf5fb6e452d756187362e842679ca94b
Opcode Fuzzy Hash: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
Instruction Fuzzy Hash: 7EF05E22F2924245FE6417715C813FD11935FC57ACF084730DF2EC52C1DEAEA690825A

Non-executed Functions

Function 00007FF6E2155830 Relevance: 229.6, APIs: 86, Strings: 45, Instructions: 400libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E2155840
GetLastError.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E2155852
GetProcAddress.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E2155889
GetLastError.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E215589B
GetProcAddress.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E21558B4
GetLastError.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E21558C6
GetProcAddress.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E21558DF
GetLastError.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E21558F1
GetProcAddress.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E215590D
GetLastError.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E215591F
GetProcAddress.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E215593B
GetLastError.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E215594D
GetProcAddress.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E2155969
GetLastError.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E215597B
GetProcAddress.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E2155997
GetLastError.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E21559A9
GetProcAddress.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E21559C5
GetLastError.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E21559D7

Strings

PyObject_Str, xrefs: 00007FF6E2155DAF, 00007FF6E2155DD1
PyErr_Fetch, xrefs: 00007FF6E2155ACF, 00007FF6E2155AF1
PyErr_Clear, xrefs: 00007FF6E2155AA1, 00007FF6E2155AC3
PyErr_Occurred, xrefs: 00007FF6E2155B2B, 00007FF6E2155B4D
Py_IsInitialized, xrefs: 00007FF6E2155931, 00007FF6E2155953
Py_PreInitialize, xrefs: 00007FF6E215595F, 00007FF6E2155981
PyImport_ImportModule, xrefs: 00007FF6E2155C3F, 00007FF6E2155C61
PyPreConfig_InitIsolatedConfig, xrefs: 00007FF6E2155DDD, 00007FF6E2155DFF
Py_ExitStatusException, xrefs: 00007FF6E21558AA, 00007FF6E21558CC
PyImport_AddModule, xrefs: 00007FF6E2155BE3, 00007FF6E2155C05
Py_InitializeFromConfig, xrefs: 00007FF6E2155903, 00007FF6E2155925
PyConfig_SetBytesString, xrefs: 00007FF6E2155A17, 00007FF6E2155A39
PySys_GetObject, xrefs: 00007FF6E2155E67, 00007FF6E2155E89
Py_Finalize, xrefs: 00007FF6E21558D5, 00007FF6E21558F7
Py_DecRef, xrefs: 00007FF6E2155836, 00007FF6E2155858
PyConfig_Read, xrefs: 00007FF6E21559E9, 00007FF6E2155A0B
PyMem_RawFree, xrefs: 00007FF6E2155C9B, 00007FF6E2155CBD
PyErr_NormalizeException, xrefs: 00007FF6E2155AFD, 00007FF6E2155B1F
PyStatus_Exception, xrefs: 00007FF6E2155E39, 00007FF6E2155E5B
PyUnicode_DecodeFSDefault, xrefs: 00007FF6E2155F1F, 00007FF6E2155F41
PyConfig_SetString, xrefs: 00007FF6E2155A45, 00007FF6E2155A67
PyMarshal_ReadObjectFromString, xrefs: 00007FF6E2155C6D, 00007FF6E2155C8F
PyUnicode_FromFormat, xrefs: 00007FF6E2155F4D, 00007FF6E2155F6F
PyUnicode_Join, xrefs: 00007FF6E2155FA9, 00007FF6E2155FCB
PyModule_GetDict, xrefs: 00007FF6E2155CC9, 00007FF6E2155CEB
PyImport_ExecCodeModule, xrefs: 00007FF6E2155C11, 00007FF6E2155C33
PyErr_Print, xrefs: 00007FF6E2155B59, 00007FF6E2155B7B
Py_DecodeLocale, xrefs: 00007FF6E215587F, 00007FF6E21558A1
PyConfig_SetWideStringList, xrefs: 00007FF6E2155A73, 00007FF6E2155A95
PyUnicode_AsUTF8, xrefs: 00007FF6E2155EC3, 00007FF6E2155EE5
PyEval_EvalCode, xrefs: 00007FF6E2155BB5, 00007FF6E2155BD7
PyObject_CallFunctionObjArgs, xrefs: 00007FF6E2155D25, 00007FF6E2155D47
PyUnicode_FromString, xrefs: 00007FF6E2155F7B, 00007FF6E2155F9D
PyConfig_InitIsolatedConfig, xrefs: 00007FF6E21559BB, 00007FF6E21559DD
PyConfig_Clear, xrefs: 00007FF6E215598D, 00007FF6E21559AF
PyErr_Restore, xrefs: 00007FF6E2155B87, 00007FF6E2155BA9
PyUnicode_Decode, xrefs: 00007FF6E2155EF1, 00007FF6E2155F13
PyUnicode_Replace, xrefs: 00007FF6E2155FD7, 00007FF6E2155FF9
PyObject_SetAttrString, xrefs: 00007FF6E2155D81, 00007FF6E2155DA3
GetProcAddress, xrefs: 00007FF6E2155868
PySys_SetObject, xrefs: 00007FF6E2155E95, 00007FF6E2155EB7
PyRun_SimpleStringFlags, xrefs: 00007FF6E2155E0B, 00007FF6E2155E2D
Failed to get address for %hs, xrefs: 00007FF6E2155861
PyObject_CallFunction, xrefs: 00007FF6E2155CF7, 00007FF6E2155D19
PyObject_GetAttrString, xrefs: 00007FF6E2155D53, 00007FF6E2155D75

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: AddressErrorLastProc
String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
API String ID: 199729137-653951865
Opcode ID: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
Instruction ID: 61912f7acd12f7028def84b506919813b99d23d3d85f1c986a977b6d58bc4d6c
Opcode Fuzzy Hash: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
Instruction Fuzzy Hash: 9922B366D49B07A1FA558B55E8147F422A3BF8674DF541035C61FC22A0FFFEA788830A

Function 00007FF6E21740AC Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1226COMMON

Download Yara Rule

APIs

fegetenv.LIBCMT ref: 00007FF6E21740FA
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2174766
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E21748DC
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2174B9A
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2174DBA
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2174FF7
memcpy_s.LIBCPMT ref: 00007FF6E21750D2
memcpy_s.LIBCPMT ref: 00007FF6E217517D
memcpy_s.LIBCPMT ref: 00007FF6E217524C

Strings

1#IND, xrefs: 00007FF6E21741E7
1#INF, xrefs: 00007FF6E2174223
1#SNAN, xrefs: 00007FF6E217420A
1#QNAN, xrefs: 00007FF6E2174213

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 808467561-2761157908
Opcode ID: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
Instruction ID: 4c1e702b34a3e6dede4ea9f6e0f7c4dac6c75aee0c3f92040e6175ee154c66c0
Opcode Fuzzy Hash: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
Instruction Fuzzy Hash: 72B2B173E182928AE7258E64D4407FD36B2FB9638CF505135DB09D7AC4DFBAAA008B45

Function 00007FF6E215ACAD Relevance: 12.0, Strings: 9, Instructions: 744COMMON

Download Yara Rule

Strings

invalid literal/lengths set, xrefs: 00007FF6E215B133
invalid bit length repeat, xrefs: 00007FF6E215B099
invalid distances set, xrefs: 00007FF6E215B1A0
too many length or distance symbols, xrefs: 00007FF6E215AE46
invalid literal/length code, xrefs: 00007FF6E215B3E2
invalid distance code, xrefs: 00007FF6E215B5B4
invalid code lengths set, xrefs: 00007FF6E215AE2D
invalid distance too far back, xrefs: 00007FF6E215B670
invalid code -- missing end-of-block, xrefs: 00007FF6E215B0C6

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID:
String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
API String ID: 0-2665694366
Opcode ID: 14409f6b5173d9f28888b9fb9c68bcc2b54b8e7def706e6c40ef53002486e1ba
Instruction ID: 0fcb3ac30640c787e44de0d9dc5d5a4d864d26dfe6978ea2d3d7fa47ba5322ce
Opcode Fuzzy Hash: 14409f6b5173d9f28888b9fb9c68bcc2b54b8e7def706e6c40ef53002486e1ba
Instruction Fuzzy Hash: FD52C173E546A68BD7A48F14C458BBE3BAAEB44344F014139E74AC3784DFBADA40CB45

Function 00007FF6E215D12C Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF6E215D148
RtlCaptureContext.KERNEL32 ref: 00007FF6E215D175
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6E215D18F
RtlVirtualUnwind.KERNEL32 ref: 00007FF6E215D1D0
IsDebuggerPresent.KERNEL32 ref: 00007FF6E215D224
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6E215D241
UnhandledExceptionFilter.KERNEL32 ref: 00007FF6E215D24C

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
Instruction ID: 7edca1d3394ab746c28357a8ee3b33e26f8d548fc3ccf9a36028711439e90a6f
Opcode Fuzzy Hash: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
Instruction Fuzzy Hash: E7315C73A09B8186EB608F60E8843EE3361FB95708F04403ADB4E87B94DF79D648C705

Function 00007FF6E216A614 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF6E216A68D
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6E216A6A5
RtlVirtualUnwind.KERNEL32 ref: 00007FF6E216A6E0
IsDebuggerPresent.KERNEL32 ref: 00007FF6E216A719
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6E216A723
UnhandledExceptionFilter.KERNEL32 ref: 00007FF6E216A72E

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
Instruction ID: 2dbbba5189a78a9a9ec759c725910a8f6a79c7b8fb61533b103f6baa5aee0b4a
Opcode Fuzzy Hash: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
Instruction Fuzzy Hash: 78316B33A18B8186DB208B25E8843EE73A5FB99758F540135EB8EC3B94DF7DD2458B05

Function 00007FF6E2171874 Relevance: 7.8, APIs: 5, Instructions: 282COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E21718C0
FindFirstFileExW.KERNEL32 ref: 00007FF6E21719CA

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: FileFindFirst_invalid_parameter_noinfo
String ID:
API String ID: 2227656907-0
Opcode ID: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
Instruction ID: 6c393394069bc4215b11d833ee78c6cce62ca57a7224454f15f98c1ffa4e4691
Opcode Fuzzy Hash: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
Instruction Fuzzy Hash: 28B1C323F1868241EA609B25D4003F963A2EB86BE8F485131DF4DC7BC5EEBDE641C305

Function 00007FF6E215D010 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF6E215D03C
GetCurrentThreadId.KERNEL32 ref: 00007FF6E215D04A
GetCurrentProcessId.KERNEL32 ref: 00007FF6E215D056
QueryPerformanceCounter.KERNEL32 ref: 00007FF6E215D066

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
Instruction ID: 1ceb0bab9867d38da2ed9b918334c53b4a219aeab7db985b1e650b3fe4a1bcf1
Opcode Fuzzy Hash: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
Instruction Fuzzy Hash: 25111C22B15B058AEB008B60E8943B933A4FB5A75CF440E31EB6DC67A4DFB8E2548345

Function 00007FF6E2173C10 Relevance: 4.8, APIs: 3, Instructions: 340COMMON

Download Yara Rule

APIs

memcpy_s.LIBCPMT ref: 00007FF6E2173C76
memcpy_s.LIBCPMT ref: 00007FF6E2173CA1

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: memcpy_s
String ID:
API String ID: 1502251526-0
Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
Instruction ID: a1e03ea2ccd1ac99ea131dbcfb64d2df5407c1bc6e73d4ae00c64246b36bb272
Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
Instruction Fuzzy Hash: 3BC1C273A1828687E7248F15E0447AAB7A2F785B88F548135DB4A83784DF7EEA018B45

Function 00007FF6E215A47B Relevance: 4.1, Strings: 3, Instructions: 397COMMON

Download Yara Rule

Strings

, xrefs: 00007FF6E215A55B
header crc mismatch, xrefs: 00007FF6E215A921
unknown header flags set, xrefs: 00007FF6E215A4C5

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID:
String ID: $header crc mismatch$unknown header flags set
API String ID: 0-1127688429
Opcode ID: e32b299fc273864699ec3bddfbf8fc958dab4a7742ffdf8f0166f3b43fcc42d1
Instruction ID: 238af929d3d5f56df4bd90365aab5273e3f4121c36601c7fbd74de87fb8c56b0
Opcode Fuzzy Hash: e32b299fc273864699ec3bddfbf8fc958dab4a7742ffdf8f0166f3b43fcc42d1
Instruction Fuzzy Hash: 86F19373E982D54AE7A58B14C088B7A3AAAFF44748F054178DB49C7390DFBEE640C785

Function 00007FF6E2179728 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FF6E2179977
RaiseException.KERNEL32 ref: 00007FF6E2179988

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: a4cc0e8a2f7e024105bf8074fef1866164229a93701b52dcf00f6f20498becf3
Instruction ID: a364e19e01bb0b2eb2e3c8ccf8a511d924802f8dfeddb576de29cd2f60dab028
Opcode Fuzzy Hash: a4cc0e8a2f7e024105bf8074fef1866164229a93701b52dcf00f6f20498becf3
Instruction Fuzzy Hash: 1AB16973A00B898AEB19CF29C8463A83BA1F785B4CF148821DB5DC37A4CF7AD555C705

Function 00007FF6E21639A4 Relevance: 2.8, Strings: 2, Instructions: 350COMMON

Download Yara Rule

Strings

, xrefs: 00007FF6E2163D54
, xrefs: 00007FF6E2163B12

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-227171996
Opcode ID: e57f1980f4491aea9eb328a1e81193c2bccc9a7e68d1918bb9b7207cf9600634
Instruction ID: 93080bee145216c5bd7219e8d4cf938bfbdcc40f531b7b05f0b6cabaa1153682
Opcode Fuzzy Hash: e57f1980f4491aea9eb328a1e81193c2bccc9a7e68d1918bb9b7207cf9600634
Instruction Fuzzy Hash: 1AE1C333E2864641E7688E2980D02BD23A2EF44F4CF144135DB0EC76D4DF6BEA51D38A

Function 00007FF6E215A2DB Relevance: 2.7, Strings: 2, Instructions: 218COMMON

Download Yara Rule

Strings

invalid window size, xrefs: 00007FF6E215A449
incorrect header check, xrefs: 00007FF6E215A462

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID:
String ID: incorrect header check$invalid window size
API String ID: 0-900081337
Opcode ID: e8ec78490181e4ccec650f854842bb3e08bcfae3bf2db5596c2af0d8e2ff5899
Instruction ID: 3afc2104ada945f00a4b104c2bb307a2d0eaf39a016b22c03fdb83fdb9108a72
Opcode Fuzzy Hash: e8ec78490181e4ccec650f854842bb3e08bcfae3bf2db5596c2af0d8e2ff5899
Instruction Fuzzy Hash: 99919873E582C687E7A48F14C448BBE3AAAFB44358F114179DB4AC6784CF79E640CB46

Function 00007FF6E216DEF0 Relevance: 2.6, Strings: 2, Instructions: 144COMMON

Download Yara Rule

Strings

gfff, xrefs: 00007FF6E216E07A
e+000, xrefs: 00007FF6E216DFFD

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID:
String ID: e+000$gfff
API String ID: 0-3030954782
Opcode ID: c8a24eaff8c968987b4d031b15ae93849e98bcf9eddb8930961e84febef9b5bc
Instruction ID: 422e9faffacbdb3fe5438a286be37af845098dd3a7ac4ee4bb5c465478665ef9
Opcode Fuzzy Hash: c8a24eaff8c968987b4d031b15ae93849e98bcf9eddb8930961e84febef9b5bc
Instruction Fuzzy Hash: 0A514773F2C2C146E7258E3598807AD7B92E744B98F488231CB98C7AC5CFBED6458706

Function 00007FF6E21708C8 Relevance: 2.0, APIs: 1, Instructions: 461COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CurrentFeaturePresentProcessProcessor
String ID:
API String ID: 1010374628-0
Opcode ID: 237fa8d459c5d11eae1bba494416b753c006fbba9c027a8b8839988129060696
Instruction ID: 8f04fcdc2ebd974156d42b00ebfcd179606330be072241aac3c460d6f0b5e06b
Opcode Fuzzy Hash: 237fa8d459c5d11eae1bba494416b753c006fbba9c027a8b8839988129060696
Instruction Fuzzy Hash: 6602BD23E2E75245FA659F11D4403F92682AF82BA8F554638DF5DC63D1DEFFA600830A

Function 00007FF6E216DA5C Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

gfffffff, xrefs: 00007FF6E216DD9E

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID:
String ID: gfffffff
API String ID: 0-1523873471
Opcode ID: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
Instruction ID: a420c57a094133f0ddea8a48229c62689bee480be18aebdacce6b588c25ab5e8
Opcode Fuzzy Hash: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
Instruction Fuzzy Hash: 79A14573E1878A46EB21CB25A8807ED7B92AB55B88F058031DF4DC7785DEBED601C706

Function 00007FF6E2168794 Relevance: 1.4, Strings: 1, Instructions: 177COMMON

Download Yara Rule

Strings

TMP, xrefs: 00007FF6E21687B3

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: TMP
API String ID: 3215553584-3125297090
Opcode ID: 09cdd7cf7fc9e7e425d724a32e8c9d3bd5c12dba7606eca5b930980d9b4d1239
Instruction ID: c26cbada80029d38dbd9691e29de71c8c78d85d39f4b809241cd2901af3c0b69
Opcode Fuzzy Hash: 09cdd7cf7fc9e7e425d724a32e8c9d3bd5c12dba7606eca5b930980d9b4d1239
Instruction Fuzzy Hash: 89510923F2860641FA289B2655813FE52976F85BDCF594034DF0DC37D2EEBEE609420A

Function 00007FF6E2173480 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF6E2173484

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 1f9e0516fd534d967cb731c121838b59470578846d262458ea046ba55ab40ebf
Instruction ID: 279d64049274333b05f02fb0c8d900d5157538cd9418afc20a404b42c75f16c7
Opcode Fuzzy Hash: 1f9e0516fd534d967cb731c121838b59470578846d262458ea046ba55ab40ebf
Instruction Fuzzy Hash: 19B09221E07A42C2EA092B25AC8635822A6BF98704F980138C20EC0330DF6D36F55706

Function 00007FF6E21635A0 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5eca4e5ff3e7205525bf20f3b63783aa462e3e7adb0228d62bb7e98ab9f5e9bb
Instruction ID: 492094b6d87542d2b3db45de0f73a516f63a1ce01ea5f009c047798a3abed5e3
Opcode Fuzzy Hash: 5eca4e5ff3e7205525bf20f3b63783aa462e3e7adb0228d62bb7e98ab9f5e9bb
Instruction Fuzzy Hash: E6D1A273E2864245EB688E2980903BD26A2AB45F4CF144235CF0DC7795DFBBDA45C7CA

Function 00007FF6E2159800 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e75d751cc15dfd510e55d83c6141b0e8cb11d18cbed01e0c543b372a0114c593
Instruction ID: cd5c53c1c5cf6f78542a016948c6e4e4135f40588f0ad700b85eda2e4af0e07e
Opcode Fuzzy Hash: e75d751cc15dfd510e55d83c6141b0e8cb11d18cbed01e0c543b372a0114c593
Instruction Fuzzy Hash: E5C1DE726181E08BD28AEB29E4794BA33D1F78930DB95406BEF87877C5CB3CA514DB11

Function 00007FF6E2162C10 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa73bfa000bc8cd66a05f12d530b76a597660d7bda6a6781f52cf2f49ffced0b
Instruction ID: ecc9476b3aa320d53ba4c75552c40c18dff4fa5703125449336ad2f87804fca1
Opcode Fuzzy Hash: aa73bfa000bc8cd66a05f12d530b76a597660d7bda6a6781f52cf2f49ffced0b
Instruction Fuzzy Hash: CFB16C7392868585E7648F29C4902BC3BA2E749B4CF244176CB4EC7395CFABD641C74B

Function 00007FF6E216E570 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9611c2e0762efa78d7f6da3d8515592aa8d86601c49200b7335873453b670326
Instruction ID: 3451be0a63c26f56e5db6dc80595070f3b3857b3251a2929358ec26993e1c4d5
Opcode Fuzzy Hash: 9611c2e0762efa78d7f6da3d8515592aa8d86601c49200b7335873453b670326
Instruction Fuzzy Hash: 7B81D373E2C28146D6648F1994807AE6A92FB45798F104335DB8DC3B89DF7EE6008B46

Function 00007FF6E2176418 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 15e29a2b048034b7d11d1b87b7baa88ea743f66ca2db996e50da050e1c2114ce
Instruction ID: 2906972e16f2ea3d32900d8574d996fc82ad279ce80ac5f2a31f09ef85c5e2ed
Opcode Fuzzy Hash: 15e29a2b048034b7d11d1b87b7baa88ea743f66ca2db996e50da050e1c2114ce
Instruction Fuzzy Hash: 3661EB33E1C2D246F7648A68D4507BD5782AF827E8F540239E71DC26C5DEEFEA408746

Function 00007FF6E2162164 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
Instruction ID: f0ff65c9ca261a7faf162b0fbd8a31795cd8705af060deca8369c0a289fc3f7f
Opcode Fuzzy Hash: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
Instruction Fuzzy Hash: 08515437E2865281E7248B29C4803AD23A2EB54B5CF244175CB8DD7794CF6BEA43C746

Function 00007FF6E2161944 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
Instruction ID: 95abba74e248313da0c078272a3e63d875fd88de3dcba1d8e7e0d8a4712bf19e
Opcode Fuzzy Hash: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
Instruction Fuzzy Hash: 9A515F37E2865286E7248F29C0803AC27A2EB44B5CF285131CB8DD7794CFBBE942C745

Function 00007FF6E2161D54 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
Instruction ID: a0c9d68ea5ce957ce4d193111dcfb7a4a635332c4948d67de6c0081736ef3f24
Opcode Fuzzy Hash: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
Instruction Fuzzy Hash: 70516D77E2865186E7258B29C0843AC33A2EB55B6CF284131CB4DC7794CFBBEA52C745

Function 00007FF6E2161B50 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
Instruction ID: ec546edc733175108c34ab8b979a6e2a2689c1ccafb3f8201fcba96b3202f8a1
Opcode Fuzzy Hash: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
Instruction Fuzzy Hash: A9518E37E2865286E7348B29C0843AC27A2EB45B5CF285131CB4CD7794DFBBEA42D745

Function 00007FF6E2161F60 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
Instruction ID: ee4460225faa15c24418c95c5780cf25ef7805b066574836cc27a352f127724c
Opcode Fuzzy Hash: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
Instruction Fuzzy Hash: D8514E37E2865586E7248B2980843AD37A2EB44B5CF284171CB4CD7799CF6BE942C746

Function 00007FF6E2161740 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
Instruction ID: b37049c33942cd7f3e1cd4f7075d2582449b0bc6fb45ca0a3bbf64f2c02a9beb
Opcode Fuzzy Hash: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
Instruction Fuzzy Hash: CB515137E2865585E7248B29C0803AC27A6EB45B5CF284131CF4DD7794CF7BEA42C785

Function 00007FF6E2165D30 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
Instruction ID: 2956fee043aff786c92236de4335aa6e10fb63f3df7f9da31d2e4bc1b884ca32
Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
Instruction Fuzzy Hash: 4B41E373C2D74A15EDA9895C05887FC66829F12BA8D6812B4CFADD73C3CD4F6786C206

Function 00007FF6E2169EA0 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
Instruction ID: ce9ff97821c856b70982a03b61bebebc3d8b4a9dfbd2680d741340b55a0ba736
Opcode Fuzzy Hash: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
Instruction Fuzzy Hash: C141E633B24A5582EF08CF2AD9942A9B392B748FD8B199432EF0DD7B54DE7EC1418305

Function 00007FF6E21680E4 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12404f4f4f1323fea4d4e583727f71dd7b5a0d93f2e51056eadc76cf5c92dd81
Instruction ID: f40c4abe43fbc326ab00cef4489e8f1c0878792bf16bccc0b06e6938d34a7ef9
Opcode Fuzzy Hash: 12404f4f4f1323fea4d4e583727f71dd7b5a0d93f2e51056eadc76cf5c92dd81
Instruction Fuzzy Hash: 22312433F28B4241E7649F21A4802BD66D6AB85BD4F144238EB8DD3BD5CFBDD2028309

Function 00007FF6E2179570 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d3ac10822f6242d2b374fc0e1218152d8e80c351f0dfcd4fab21387456caa74
Instruction ID: 81343a0ce76fad54714960c5df2990d1060ebb5dba8ce14c9b2038bfb673850e
Opcode Fuzzy Hash: 5d3ac10822f6242d2b374fc0e1218152d8e80c351f0dfcd4fab21387456caa74
Instruction Fuzzy Hash: 99F04472F182958ADB988F6DA44266A77D1F748384F408039D689C3A04DE7D91618F09

Function 00007FF6E215D30C Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c3909751b2697c6481bc0460501d6177e5cf72f77169ad8285d6e0cd944102a
Instruction ID: 85e300a71177dd4d6ec3d650d6daef627b434b34f3c3408e9cf03b3ba8dca411
Opcode Fuzzy Hash: 3c3909751b2697c6481bc0460501d6177e5cf72f77169ad8285d6e0cd944102a
Instruction Fuzzy Hash: B7A00162D4D80AD0E6848B00E8902A62222BBA5308B8000B1E20ED14A09FAEA644D30A

Function 00007FF6E21576C0 Relevance: 177.1, APIs: 66, Strings: 35, Instructions: 314libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FF6E21576D7
GetLastError.KERNEL32 ref: 00007FF6E21576E9
GetProcAddress.KERNEL32 ref: 00007FF6E2157725
GetLastError.KERNEL32 ref: 00007FF6E2157737
GetProcAddress.KERNEL32 ref: 00007FF6E2157750
GetLastError.KERNEL32 ref: 00007FF6E2157762
GetProcAddress.KERNEL32 ref: 00007FF6E215777B
GetLastError.KERNEL32 ref: 00007FF6E215778D
GetProcAddress.KERNEL32 ref: 00007FF6E21577A9
GetLastError.KERNEL32 ref: 00007FF6E21577BB
GetProcAddress.KERNEL32 ref: 00007FF6E21577D7
GetLastError.KERNEL32 ref: 00007FF6E21577E9
GetProcAddress.KERNEL32 ref: 00007FF6E2157805
GetLastError.KERNEL32 ref: 00007FF6E2157817
GetProcAddress.KERNEL32 ref: 00007FF6E2157833
GetLastError.KERNEL32 ref: 00007FF6E2157845
GetProcAddress.KERNEL32 ref: 00007FF6E2157861
GetLastError.KERNEL32 ref: 00007FF6E2157873

Strings

Tcl_DeleteInterp, xrefs: 00007FF6E21577FB, 00007FF6E215781D
Tcl_Finalize, xrefs: 00007FF6E215779F, 00007FF6E21577C1
Tcl_GetString, xrefs: 00007FF6E2157AAD, 00007FF6E2157ACF
Tcl_ConditionNotify, xrefs: 00007FF6E215796B, 00007FF6E215798D
Tcl_FindExecutable, xrefs: 00007FF6E2157746, 00007FF6E2157768
Tcl_NewByteArrayObj, xrefs: 00007FF6E2157B09, 00007FF6E2157B2B
Tk_Init, xrefs: 00007FF6E2157C79, 00007FF6E2157C9B
Tcl_SetVar2, xrefs: 00007FF6E2157A51, 00007FF6E2157A73
Tcl_MutexFinalize, xrefs: 00007FF6E215790F, 00007FF6E2157931
Tcl_ConditionWait, xrefs: 00007FF6E2157999, 00007FF6E21579BB
Tcl_EvalFile, xrefs: 00007FF6E2157B93, 00007FF6E2157BB5
Tcl_MutexLock, xrefs: 00007FF6E21578B3, 00007FF6E21578D5
Tk_GetNumMainWindows, xrefs: 00007FF6E2157CA7, 00007FF6E2157CC9
Tcl_Alloc, xrefs: 00007FF6E2157C1D, 00007FF6E2157C3F
Tcl_CreateObjCommand, xrefs: 00007FF6E2157A7F, 00007FF6E2157AA1
Tcl_CreateThread, xrefs: 00007FF6E2157829, 00007FF6E215784B
Tcl_EvalEx, xrefs: 00007FF6E2157BC1, 00007FF6E2157BE3
Tcl_CreateInterp, xrefs: 00007FF6E215771B, 00007FF6E215773D
Tcl_EvalObjv, xrefs: 00007FF6E2157BEF, 00007FF6E2157C11
Tcl_ConditionFinalize, xrefs: 00007FF6E215793D, 00007FF6E215795F
Tcl_DoOneEvent, xrefs: 00007FF6E2157771, 00007FF6E2157793
Tcl_ThreadQueueEvent, xrefs: 00007FF6E21579C7, 00007FF6E21579E9
Tcl_FinalizeThread, xrefs: 00007FF6E21577CD, 00007FF6E21577EF
Tcl_GetVar2, xrefs: 00007FF6E2157A23, 00007FF6E2157A45
Tcl_GetObjResult, xrefs: 00007FF6E2157B65, 00007FF6E2157B87
Tcl_NewStringObj, xrefs: 00007FF6E2157ADB, 00007FF6E2157AFD
Tcl_JoinThread, xrefs: 00007FF6E2157885, 00007FF6E21578A7
Tcl_MutexUnlock, xrefs: 00007FF6E21578E1, 00007FF6E2157903
Tcl_Init, xrefs: 00007FF6E21576D0, 00007FF6E21576EF
GetProcAddress, xrefs: 00007FF6E21576FF
Tcl_ThreadAlert, xrefs: 00007FF6E21579F5, 00007FF6E2157A17
Tcl_SetVar2Ex, xrefs: 00007FF6E2157B37, 00007FF6E2157B59
Failed to get address for %hs, xrefs: 00007FF6E21576F8
Tcl_Free, xrefs: 00007FF6E2157C4B, 00007FF6E2157C6D
Tcl_GetCurrentThread, xrefs: 00007FF6E2157857, 00007FF6E2157879

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: AddressErrorLastProc
String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
API String ID: 199729137-3427451314
Opcode ID: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
Instruction ID: d4fcec3a5ca4f9591e8bb36d8304c89a6795169d3bb1fb21de402dbcca68c2b9
Opcode Fuzzy Hash: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
Instruction Fuzzy Hash: D702BD22D4DB0B81FA159B55E8157F422B3BF8675CF440071D62EC22A4EFBEB349824A

Function 00007FF6E21581D0 Relevance: 24.6, APIs: 6, Strings: 8, Instructions: 117COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6E2159390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6E21545F4,00000000,00007FF6E2151985), ref: 00007FF6E21593C9

ExpandEnvironmentStringsW.KERNEL32(?,00007FF6E21586B7,?,?,00000000,00007FF6E2153CBB), ref: 00007FF6E215822C

Part of subcall function 00007FF6E2152810: MessageBoxW.USER32 ref: 00007FF6E21528EA

Strings

LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!, xrefs: 00007FF6E215829D
CreateDirectory, xrefs: 00007FF6E215837C
LOADER: failed to create runtime-tmpdir path %ls!, xrefs: 00007FF6E2158373
LOADER: failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF6E21582D9
%.*s, xrefs: 00007FF6E215830C
LOADER: failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF6E2158240
\, xrefs: 00007FF6E2158261
LOADER: failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF6E2158203

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
API String ID: 1662231829-930877121
Opcode ID: 9187bed43bf71c5340eadf58a1920dd2feb36a2730cc38c17813087cef3183ed
Instruction ID: 742266539339f380f7d01bb8cc031d0b1cb4cf8df55caaf7343e42ed436f9aba
Opcode Fuzzy Hash: 9187bed43bf71c5340eadf58a1920dd2feb36a2730cc38c17813087cef3183ed
Instruction Fuzzy Hash: 0B51C613E6C64641FA509B24E8513FA2292AF9478CF444431DB0EC26D5EFBEE744C34A

Function 00007FF6E2152180 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 00007FF6E21521AB
SelectObject.GDI32 ref: 00007FF6E21521F2
DrawTextW.USER32 ref: 00007FF6E2152215
SelectObject.GDI32 ref: 00007FF6E215222B
ReleaseDC.USER32 ref: 00007FF6E215223B
MoveWindow.USER32 ref: 00007FF6E215228B
MoveWindow.USER32 ref: 00007FF6E21522CB
MoveWindow.USER32 ref: 00007FF6E215231E
MoveWindow.USER32 ref: 00007FF6E2152366

Strings

P%, xrefs: 00007FF6E21521FF

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: MoveWindow$ObjectSelect$DrawReleaseText
String ID: P%
API String ID: 2147705588-2959514604
Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
Instruction ID: 88934d0cb49f134a6707a2c70a978a97294f9114fbb6d15c30608fcc9f30caa8
Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
Instruction Fuzzy Hash: 36511627A04BA186D6249F22E4182BAB7A2FB98B65F004131EFDFC3694DF7CD145CB14

Function 00007FF6E21580C0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

GetWindowLongPtrW.USER32 ref: 00007FF6E21580FF
GetWindowLongPtrW.USER32 ref: 00007FF6E215817F
ShutdownBlockReasonCreate.USER32 ref: 00007FF6E2158192
GetLastError.KERNEL32 ref: 00007FF6E215819C
SetWindowLongPtrW.USER32 ref: 00007FF6E21581B3

Strings

Needs to remove its temporary files., xrefs: 00007FF6E2158185

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: LongWindow$BlockCreateErrorLastReasonShutdown
String ID: Needs to remove its temporary files.
API String ID: 3975851968-2863640275
Opcode ID: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
Instruction ID: 05de7c8ada41b03055de0bd0b14ba55dc046350cd25bbd3725ebefc9006d3b17
Opcode Fuzzy Hash: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
Instruction Fuzzy Hash: 0D217322F48A4681E6418B7AF8443A96252BF89B98F594130DB1EC33D4DEADD7808306

Function 00007FF6E2166290 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 494COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E21662D3
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E21666C0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E216695C

Strings

:, xrefs: 00007FF6E216648C
f, xrefs: 00007FF6E21663F5
p, xrefs: 00007FF6E21663FD
p, xrefs: 00007FF6E2166385
-, xrefs: 00007FF6E2166369

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -$:$f$p$p
API String ID: 3215553584-2013873522
Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
Instruction ID: e5618eb1ce352b458c9695171c1a42a65443f160b02f216b9756641bcd42cc2d
Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
Instruction Fuzzy Hash: 4B1291B3E2928386FB245A14A1843FD7757EB40798F844135D789C66C4DFBEE6808B4A

Function 00007FF6E2160FC8 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2161008
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E21613D0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E216166F

Strings

f, xrefs: 00007FF6E2161255
f, xrefs: 00007FF6E216110A
p, xrefs: 00007FF6E2161112
p, xrefs: 00007FF6E21610AD
f, xrefs: 00007FF6E21610A0

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$f$p$p$f
API String ID: 3215553584-1325933183
Opcode ID: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
Instruction ID: 012b4fa190d1dc8efa997cde36dcfe31ac972b722b789b4e8db7d436b7d9d1fa
Opcode Fuzzy Hash: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
Instruction Fuzzy Hash: 9F126173E2814385FB209A1590943FE66A3FB40758F8C4135D79AC6BC4DFBEE6408B4A

Function 00007FF6E2151050 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 119COMMON

Download Yara Rule

Strings

Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF6E21510CC
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF6E21511F6
malloc, xrefs: 00007FF6E215110F
Failed to extract %s: failed to allocate data buffer (%u bytes)!, xrefs: 00007FF6E2151108
Failed to extract %s: failed to open archive file!, xrefs: 00007FF6E2151098
fseek, xrefs: 00007FF6E21510D3
fread, xrefs: 00007FF6E21511FD

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
API String ID: 2050909247-3659356012
Opcode ID: 2d021f7da401aec23eb7dc7f0c87ec7fcf667bd8f2e6924468e7d329bd391e80
Instruction ID: 1b4945884bc05787d5cbd5d763a2a2da40c4ec091888413efe6f6bcb72c90348
Opcode Fuzzy Hash: 2d021f7da401aec23eb7dc7f0c87ec7fcf667bd8f2e6924468e7d329bd391e80
Instruction Fuzzy Hash: 84418E23E1825285EA11DB21D8407F96393BF45B88F5844B1EF0DC7785DEBEE301874A

Function 00007FF6E2151470 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 107COMMON

Download Yara Rule

Strings

Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF6E21514DE
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF6E21515DF
malloc, xrefs: 00007FF6E215151F
Failed to extract %s: failed to allocate data buffer (%u bytes)!, xrefs: 00007FF6E2151518
Failed to extract %s: failed to open archive file!, xrefs: 00007FF6E215149F
fseek, xrefs: 00007FF6E21514E5
fread, xrefs: 00007FF6E21515E6

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
API String ID: 2050909247-3659356012
Opcode ID: a184642825e07b86810f2b9adbdb1e51f013e7a0f6b30c6d92528709c5dff695
Instruction ID: 0421359e718f6e84f89c9facb3e81dca3f8a7bc1ab9e6887216f13bd17e84262
Opcode Fuzzy Hash: a184642825e07b86810f2b9adbdb1e51f013e7a0f6b30c6d92528709c5dff695
Instruction Fuzzy Hash: 0E418D23E5864285EA11DB21D4403F96393BF85788F484872EF0EC7B95DEBEE701870A

Function 00007FF6E215EA08 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FF6E215EA65

Part of subcall function 00007FF6E215F9BC: __GetUnwindTryBlock.LIBCMT ref: 00007FF6E215F9FF
Part of subcall function 00007FF6E215F9BC: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FF6E215FA24

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF6E215EB3D
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FF6E215ED8B
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6E215EE98

Strings

csm, xrefs: 00007FF6E215EA7F
csm, xrefs: 00007FF6E215EAE6
csm, xrefs: 00007FF6E215EB60

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
Instruction ID: e873157a30fdeca8cc168d8440ee694608d8766e394dd7dd1580fce55440d0fc
Opcode Fuzzy Hash: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
Instruction Fuzzy Hash: 22D15A23E48B418AEB209B6594403ED77A2FB4578CF100175EB4DD7B96DFBAE680C706

Function 00007FF6E2152C50 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6E2153706,?,00007FF6E2153804), ref: 00007FF6E2152C9E
FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6E2153706,?,00007FF6E2153804), ref: 00007FF6E2152D63
MessageBoxW.USER32 ref: 00007FF6E2152D99

Strings

[PYI-%d:ERROR] , xrefs: 00007FF6E2152CA6
<FormatMessageW failed.>, xrefs: 00007FF6E2152D70
Error, xrefs: 00007FF6E2152D8C
%ls: , xrefs: 00007FF6E2152D22

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Message$CurrentFormatProcess
String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
API String ID: 3940978338-251083826
Opcode ID: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
Instruction ID: 408ea30f5687263fdc0cccce5ffd321b9b69d55d8b90508c40bea3a33e5b9d72
Opcode Fuzzy Hash: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
Instruction Fuzzy Hash: 7531B423F08A4142E6209B65E8543EA6692BF8879CF414136EF4ED3799DF7ED706C305

Function 00007FF6E215DCC8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF6E215DF7A,?,?,?,00007FF6E215DC6C,?,?,?,00007FF6E215D869), ref: 00007FF6E215DD4D
GetLastError.KERNEL32(?,?,?,00007FF6E215DF7A,?,?,?,00007FF6E215DC6C,?,?,?,00007FF6E215D869), ref: 00007FF6E215DD5B
LoadLibraryExW.KERNEL32(?,?,?,00007FF6E215DF7A,?,?,?,00007FF6E215DC6C,?,?,?,00007FF6E215D869), ref: 00007FF6E215DD85
FreeLibrary.KERNEL32(?,?,?,00007FF6E215DF7A,?,?,?,00007FF6E215DC6C,?,?,?,00007FF6E215D869), ref: 00007FF6E215DDF3
GetProcAddress.KERNEL32(?,?,?,00007FF6E215DF7A,?,?,?,00007FF6E215DC6C,?,?,?,00007FF6E215D869), ref: 00007FF6E215DDFF

Strings

api-ms-, xrefs: 00007FF6E215DD6D

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
Instruction ID: 95c771cabec28a3c76d36ac7e20500f862dbc6daecf9879bc77e05ec1bd34e95
Opcode Fuzzy Hash: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
Instruction Fuzzy Hash: 1F31A323F5A64291EE119B0298007F52396FF49BA8F594575DF1EC63C0EFBEE6448309

Function 00007FF6E2156360 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 82COMMON

Download Yara Rule

Strings

Path of Python shared library (%s) and its name (%s) exceed buffer size (%d), xrefs: 00007FF6E2156456
ucrtbase.dll, xrefs: 00007FF6E21563DD
LoadLibrary, xrefs: 00007FF6E21564AE
Path of ucrtbase.dll (%s) and its name exceed buffer size (%d), xrefs: 00007FF6E2156407
Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d), xrefs: 00007FF6E21563C7
Failed to load Python DLL '%ls'., xrefs: 00007FF6E21564A7

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
API String ID: 2050909247-2434346643
Opcode ID: 2df6df0904ecf2e68063807813f252f2c523520ae69ca8fe89000ee1ae80a761
Instruction ID: 84dfabfa2e4160157d9ad71bf816a0cd209270ee4612bdaf5a531836c02179d0
Opcode Fuzzy Hash: 2df6df0904ecf2e68063807813f252f2c523520ae69ca8fe89000ee1ae80a761
Instruction Fuzzy Hash: 24419223E5868691EA21DB20E4143E96352FF94388F900172EB5DC32D9EFBDE705C786

Function 00007FF6E2152A50 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 64COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF6E215351A,?,00000000,00007FF6E2153F1B), ref: 00007FF6E2152AA0

Strings

WARNING, xrefs: 00007FF6E2152AAF
Warning, xrefs: 00007FF6E2152B1E
[PYI-%d:%s] , xrefs: 00007FF6E2152AA8
Warning [ANSI Fallback], xrefs: 00007FF6E2152B0F
0, xrefs: 00007FF6E2152B16

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CurrentProcess
String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
API String ID: 2050909247-2900015858
Opcode ID: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
Instruction ID: d410375d5844b05b3e0a0b63bbb84c81e7df705f1da650f82dbebd82308e0af6
Opcode Fuzzy Hash: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
Instruction Fuzzy Hash: 2B219C33A18B8192E6209B50F8807EA6395FB88388F400136FF8DC3699DFBDD345C645

Function 00007FF6E216B150 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF6E216B15F
FlsGetValue.KERNEL32 ref: 00007FF6E216B174
FlsSetValue.KERNEL32 ref: 00007FF6E216B195
FlsSetValue.KERNEL32 ref: 00007FF6E216B1C2
FlsSetValue.KERNEL32 ref: 00007FF6E216B1D3
FlsSetValue.KERNEL32 ref: 00007FF6E216B1E4
SetLastError.KERNEL32 ref: 00007FF6E216B1FF

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 12f476f87c8743e70c8b210e20a22f1b01636e2fed05d2f1e0a082253e023e8e
Instruction ID: e1f3f71c3256f02eeca3c5fe9d79638161f450e54d9cd9ed07e66eaafeb849b9
Opcode Fuzzy Hash: 12f476f87c8743e70c8b210e20a22f1b01636e2fed05d2f1e0a082253e023e8e
Instruction Fuzzy Hash: ED216032F2C24241F9586325A5D13BD61835F547A8F104634EB2FD66C6DEAEE700430A

Function 00007FF6E2177D6C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF6E2177D9D
GetLastError.KERNEL32 ref: 00007FF6E2177DA9
CloseHandle.KERNEL32 ref: 00007FF6E2177DC1
CreateFileW.KERNEL32 ref: 00007FF6E2177DEC
WriteConsoleW.KERNEL32 ref: 00007FF6E2177E0B

Strings

CONOUT$, xrefs: 00007FF6E2177DCD

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
Instruction ID: dcd3743cc3b5115fc1c7fa79a171efcc07351f497d9f4dd2a899ab9b274a87fd
Opcode Fuzzy Hash: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
Instruction Fuzzy Hash: C911B422E18B4586E3508B12F8443A962A1FB89BE8F000234EB5EC77E4CFBDD6408709

Function 00007FF6E2158ED0 Relevance: 9.1, APIs: 6, Instructions: 121COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF6E2153FA9), ref: 00007FF6E2158EFD
K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF6E2153FA9), ref: 00007FF6E2158F5A

Part of subcall function 00007FF6E2159390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6E21545F4,00000000,00007FF6E2151985), ref: 00007FF6E21593C9

K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF6E2153FA9), ref: 00007FF6E2158FE5
K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF6E2153FA9), ref: 00007FF6E2159044
FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF6E2153FA9), ref: 00007FF6E2159055
FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF6E2153FA9), ref: 00007FF6E215906A

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
String ID:
API String ID: 3462794448-0
Opcode ID: 0184f5a771bb2c28f933eba3e4018dda16e38d059dd6d010c17659477659ba58
Instruction ID: 3bbcc77cdc3df311cdc1a10fd410afcfe26ab2058134a3a5b6f53534ec5cbeba
Opcode Fuzzy Hash: 0184f5a771bb2c28f933eba3e4018dda16e38d059dd6d010c17659477659ba58
Instruction Fuzzy Hash: E541BF63E1968281EA309B12A4403EA7396FF85B88F040535DF4DD7789DFBEE600C74A

Function 00007FF6E216B2C8 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF6E2164F11,?,?,?,?,00007FF6E216A48A,?,?,?,?,00007FF6E216718F), ref: 00007FF6E216B2D7
FlsSetValue.KERNEL32(?,?,?,00007FF6E2164F11,?,?,?,?,00007FF6E216A48A,?,?,?,?,00007FF6E216718F), ref: 00007FF6E216B30D
FlsSetValue.KERNEL32(?,?,?,00007FF6E2164F11,?,?,?,?,00007FF6E216A48A,?,?,?,?,00007FF6E216718F), ref: 00007FF6E216B33A
FlsSetValue.KERNEL32(?,?,?,00007FF6E2164F11,?,?,?,?,00007FF6E216A48A,?,?,?,?,00007FF6E216718F), ref: 00007FF6E216B34B
FlsSetValue.KERNEL32(?,?,?,00007FF6E2164F11,?,?,?,?,00007FF6E216A48A,?,?,?,?,00007FF6E216718F), ref: 00007FF6E216B35C
SetLastError.KERNEL32(?,?,?,00007FF6E2164F11,?,?,?,?,00007FF6E216A48A,?,?,?,?,00007FF6E216718F), ref: 00007FF6E216B377

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 341ed06667cf8b6c5416a7ef0c6dfdccbf195f5bc763a811adde1679d5f4f530
Instruction ID: 16a10d63207adc22c3bb300239f9f2e70efcc1cf03d7c7063759c06853195491
Opcode Fuzzy Hash: 341ed06667cf8b6c5416a7ef0c6dfdccbf195f5bc763a811adde1679d5f4f530
Instruction Fuzzy Hash: BE119F32F1D24282FA58672196C03BE61439F447B8F184334EB2FD66D6DEAEE700430A

Function 00007FF6E2152910 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 86COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6E2151B6A), ref: 00007FF6E215295E

Strings

Error, xrefs: 00007FF6E2152A0E
%s: %s, xrefs: 00007FF6E21529E8
Error [ANSI Fallback], xrefs: 00007FF6E21529FF
[PYI-%d:ERROR] , xrefs: 00007FF6E2152966

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CurrentProcess
String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
API String ID: 2050909247-2962405886
Opcode ID: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
Instruction ID: 71cb21cc6a58a64456ed1b702b27e08c55f404536c1603049c3abeaa767209fa
Opcode Fuzzy Hash: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
Instruction Fuzzy Hash: 6831CF23F1868552E7209B61E8403EA6296BF887DCF400132EF8DC3789EFBDD6468205

Function 00007FF6E2152390 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6E21523C8
DialogBoxIndirectParamW.USER32 ref: 00007FF6E215248E
DeleteObject.GDI32 ref: 00007FF6E21524C1
DestroyIcon.USER32 ref: 00007FF6E21524D3

Strings

Unhandled exception in script, xrefs: 00007FF6E21523F8

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
String ID: Unhandled exception in script
API String ID: 3081866767-2699770090
Opcode ID: 851ce5d4a208b56cb63585478e484d0f9d6918564d04618497f061aba15d8534
Instruction ID: 849c3f58384829ff7cfeba30aa173ef21e552655eba930a71104ec1a1cf440d6
Opcode Fuzzy Hash: 851ce5d4a208b56cb63585478e484d0f9d6918564d04618497f061aba15d8534
Instruction Fuzzy Hash: C1314E33A1968189EB209B61E8553FA6361FB89788F440135EB4EC7B89DF7DD201C706

Function 00007FF6E2152B50 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 65windowCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF6E215918F,?,00007FF6E2153C55), ref: 00007FF6E2152BA0
MessageBoxW.USER32 ref: 00007FF6E2152C2A

Strings

Warning, xrefs: 00007FF6E2152C1D
WARNING, xrefs: 00007FF6E2152BAF
[PYI-%d:%ls] , xrefs: 00007FF6E2152BA8

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CurrentMessageProcess
String ID: WARNING$Warning$[PYI-%d:%ls]
API String ID: 1672936522-3797743490
Opcode ID: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
Instruction ID: f80ca236a00fec59ac5b0ce53c18fdd0d264ef7476104678795712c2a9738008
Opcode Fuzzy Hash: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
Instruction Fuzzy Hash: B121AB23B18B4192E6209B64F8847EA63A6EB88788F400136EF8ED3659DF7DD305C745

Function 00007FF6E2152710 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 64COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF6E2151B99), ref: 00007FF6E2152760

Strings

[PYI-%d:%s] , xrefs: 00007FF6E2152768
Error, xrefs: 00007FF6E21527DE
Error [ANSI Fallback], xrefs: 00007FF6E21527CF
ERROR, xrefs: 00007FF6E215276F

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CurrentProcess
String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
API String ID: 2050909247-1591803126
Opcode ID: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
Instruction ID: 766b3b422a524bfc67e2a999ddb9f607e2575c0cc339977c4a5fddfe44dda2e4
Opcode Fuzzy Hash: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
Instruction Fuzzy Hash: B2217C33A19B8192E6209B50F8817EA6295AB88388F400135EF8DD3699DFBDD3458645

Function 00007FF6E2169A88 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF6E2169AAD
GetProcAddress.KERNEL32 ref: 00007FF6E2169AC3
FreeLibrary.KERNEL32 ref: 00007FF6E2169AEA

Strings

CorExitProcess, xrefs: 00007FF6E2169ABC
mscoree.dll, xrefs: 00007FF6E2169AA4

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
Instruction ID: 01cce14c2c4b0621e023387194d399c0e3c1086a117c2fb0d50a5dce569538c3
Opcode Fuzzy Hash: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
Instruction Fuzzy Hash: 78F0C822F1870682EA148B14E4843BA23A1BF85768F540235C76FC55E4CFAED344C306

Function 00007FF6E2179368 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF6E2179390
_set_statfp.LIBCMT ref: 00007FF6E21793AB
_set_statfp.LIBCMT ref: 00007FF6E21793C7
_set_statfp.LIBCMT ref: 00007FF6E2179403

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
Instruction ID: c026bc5a2a3f4ae08c8ee3aa24de6eef47dc0fd13eb4f178172b6a374bbe1b69
Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
Instruction Fuzzy Hash: F8116333D58A0201F6545179E4913FA1053BFDB37CE040634EB6ED72D68EEEAA49410A

Function 00007FF6E216B390 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF6E216A5A3,?,?,00000000,00007FF6E216A83E,?,?,?,?,?,00007FF6E216A7CA), ref: 00007FF6E216B3AF
FlsSetValue.KERNEL32(?,?,?,00007FF6E216A5A3,?,?,00000000,00007FF6E216A83E,?,?,?,?,?,00007FF6E216A7CA), ref: 00007FF6E216B3CE
FlsSetValue.KERNEL32(?,?,?,00007FF6E216A5A3,?,?,00000000,00007FF6E216A83E,?,?,?,?,?,00007FF6E216A7CA), ref: 00007FF6E216B3F6
FlsSetValue.KERNEL32(?,?,?,00007FF6E216A5A3,?,?,00000000,00007FF6E216A83E,?,?,?,?,?,00007FF6E216A7CA), ref: 00007FF6E216B407
FlsSetValue.KERNEL32(?,?,?,00007FF6E216A5A3,?,?,00000000,00007FF6E216A83E,?,?,?,?,?,00007FF6E216A7CA), ref: 00007FF6E216B418

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 076d9937837767d8c0599fb7139188ad361754fd070b51876ae2b58645e7f25c
Instruction ID: 8ad0cee34a8d24f256edbac3a4dbb1f7fc0c2a3141d8ce5c8b8b907849f8254e
Opcode Fuzzy Hash: 076d9937837767d8c0599fb7139188ad361754fd070b51876ae2b58645e7f25c
Instruction Fuzzy Hash: A3119032F2D64241FA58A72655C13FD61435F507B8F584334EB2FD6AC6DEAEE701820A

Function 00007FF6E216B224 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FF6E216B235
FlsSetValue.KERNEL32 ref: 00007FF6E216B254
FlsSetValue.KERNEL32 ref: 00007FF6E216B27C
FlsSetValue.KERNEL32 ref: 00007FF6E216B28D
FlsSetValue.KERNEL32 ref: 00007FF6E216B29E

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 84df6eade7ca2759e64539926e88efdc2e23a1e9973d593929f07b0eae7a4c09
Instruction ID: 3ccb892974351504738bdd24b510cd5146f760cc96a3bc38564a85b7cfc46b85
Opcode Fuzzy Hash: 84df6eade7ca2759e64539926e88efdc2e23a1e9973d593929f07b0eae7a4c09
Instruction Fuzzy Hash: C811E332E2920641FAAC626144D13FD22834F55328F244738EB2EDA6C2DEAEB740420B

Function 00007FF6E2165FA0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2165FDC
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2166106
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E21661BC

Strings

verbose, xrefs: 00007FF6E2165FB0

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: verbose
API String ID: 3215553584-579935070
Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
Instruction ID: e008a95b5d0d7ed475e2a57b24264cd6f9c3aa1ab4598e7231fb76c8958d64f6
Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
Instruction Fuzzy Hash: 9B91D3B3E2868681E7208F25D4903BD3796AB80BD8F444135DB5DC33D5DEBEEA45834A

Function 00007FF6E216FBC8 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E216FEA7

Part of subcall function 00007FF6E2167A3C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2167A59

Strings

UTF-8, xrefs: 00007FF6E216FE26
ccs, xrefs: 00007FF6E216FDE2
UTF-16LEUNICODE, xrefs: 00007FF6E216FE45

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
Instruction ID: f0d3d4a52674556a3bb5aae63bb9259a4ffa8e39b0082663cf6499bffe95ce4f
Opcode Fuzzy Hash: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
Instruction Fuzzy Hash: 23816373E2828285E7655E6981903FD2AA3AB1174CF564035CB0FD7295DFAFBB01930B

Function 00007FF6E215D648 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF6E215D673
_IsNonwritableInCurrentImage.LIBCMT ref: 00007FF6E215D70A
RtlUnwindEx.KERNEL32 ref: 00007FF6E215D764

Strings

csm, xrefs: 00007FF6E215D6F1

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm
API String ID: 2395640692-1018135373
Opcode ID: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
Instruction ID: 63c4f080357b1a9d103e07b3e2e307199cad46dd6cfad11a8d959fda5c04af88
Opcode Fuzzy Hash: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
Instruction Fuzzy Hash: F3519F33E596428ADB148B15D844BB87792EB44B9CF108170DB4EC7788DFBEEA41C709

Function 00007FF6E215F288 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF6E215F2B0
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF6E215F398

Strings

csm, xrefs: 00007FF6E215F3EA
csm, xrefs: 00007FF6E215F2D2

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
Instruction ID: eec930d1136ebb91342eb5bfcc1d53efb720780e1e3c28c0e7848242e4802c0c
Opcode Fuzzy Hash: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
Instruction Fuzzy Hash: 98518033E4828287EB648B2191443AD37A2FB56B88F144176DB4DC3B85CFBDE650C70A

Function 00007FF6E215EED8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF6E215EF37
_CallSETranslator.LIBVCRUNTIME ref: 00007FF6E215EF83

Strings

MOC, xrefs: 00007FF6E215EF4B
RCC, xrefs: 00007FF6E215EF53

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
Instruction ID: d2cf063541a908a11f5ca8cbd599513202484c824939f447f782989e2afa10e1
Opcode Fuzzy Hash: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
Instruction Fuzzy Hash: EE618F33D08BC586DB608B15E4403EAB7A1FB95788F044265EB9C83B95DFBDD290CB05

Function 00007FF6E2152810 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 65windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32 ref: 00007FF6E21528EA

Strings

Error, xrefs: 00007FF6E21528DD
ERROR, xrefs: 00007FF6E215286F
[PYI-%d:%ls] , xrefs: 00007FF6E2152868

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Message
String ID: ERROR$Error$[PYI-%d:%ls]
API String ID: 2030045667-255084403
Opcode ID: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
Instruction ID: dc9d9df2251a628d8ecec9d312ee7ba80c21f6006fb120efe300474988b1499b
Opcode Fuzzy Hash: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
Instruction Fuzzy Hash: 6121AB73B18B4192E6209B54F8847EA63A2EB88788F400136EB8ED3659DFBDD345C745

Function 00007FF6E216C5A0 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF6E216C61F
WriteFile.KERNEL32 ref: 00007FF6E216C8E7
WriteFile.KERNEL32 ref: 00007FF6E216C92D
GetLastError.KERNEL32 ref: 00007FF6E216C9E3

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
Instruction ID: d9d50ac113835312aafef29a6e5749ddffcec5b11d4081138b5272c28c4cad41
Opcode Fuzzy Hash: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
Instruction Fuzzy Hash: 43D1CB73F28A818AE710CF65C4843EC37A2EB55798B444226DF4ED7B89DE79D206C709

Function 00007FF6E21520C0 Relevance: 6.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

EndDialog.USER32 ref: 00007FF6E21520F4
SetWindowLongPtrW.USER32 ref: 00007FF6E2152116
GetWindowLongPtrW.USER32 ref: 00007FF6E2152140
InvalidateRect.USER32 ref: 00007FF6E2152160

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: LongWindow$DialogInvalidateRect
String ID:
API String ID: 1956198572-0
Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
Instruction ID: 5ac8ec086ec563cf95fd09c58e6f37d37bd655789ee524321a1183154f45fe64
Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
Instruction Fuzzy Hash: C911E923F4C14242F65487A9E5883FA5253EF95788F484030DB4BC7B89CEAED781820A

Function 00007FF6E2175B1C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6E2171760: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2171793

_get_daylight.LIBCMT ref: 00007FF6E2175C34
_get_daylight.LIBCMT ref: 00007FF6E2175C45

Strings

?, xrefs: 00007FF6E2175BC5

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID: ?
API String ID: 1286766494-1684325040
Opcode ID: 21862b7f5a6063227688de7d7fc5fbfc7fa1fb1d7946118fe9e576ba790fa6aa
Instruction ID: 55b1d896a359b231ccce3b844c81e3eaa8fc5ec7f4bf883aa64f2aca00537481
Opcode Fuzzy Hash: 21862b7f5a6063227688de7d7fc5fbfc7fa1fb1d7946118fe9e576ba790fa6aa
Instruction Fuzzy Hash: 05414723E0828666F7308B25D4413F96662EBC2BA8F144235EF4CC7AD5DFBED6418705

Function 00007FF6E2169014 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2169046

Part of subcall function 00007FF6E216A948: RtlFreeHeap.NTDLL(?,?,?,00007FF6E2172D22,?,?,?,00007FF6E2172D5F,?,?,00000000,00007FF6E2173225,?,?,?,00007FF6E2173157), ref: 00007FF6E216A95E
Part of subcall function 00007FF6E216A948: GetLastError.KERNEL32(?,?,?,00007FF6E2172D22,?,?,?,00007FF6E2172D5F,?,?,00000000,00007FF6E2173225,?,?,?,00007FF6E2173157), ref: 00007FF6E216A968

GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6E215CBA5), ref: 00007FF6E2169064

Strings

C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe, xrefs: 00007FF6E2169052

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
String ID: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
API String ID: 3580290477-524912626
Opcode ID: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
Instruction ID: 13436bc04cc25523bfec1375aef358c20cd37be23c79a1b8c2fdb6199f7126f3
Opcode Fuzzy Hash: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
Instruction Fuzzy Hash: B841AF33E1860286EB189F25D4802FC33A6FB447D8B554035EB4EC7B85CE7EE6918346

Function 00007FF6E216CC38 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF6E216CD4F
GetLastError.KERNEL32 ref: 00007FF6E216CD71

Strings

U, xrefs: 00007FF6E216CCFB

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
Instruction ID: 8de3ff0bfd1ec27e8f3fb1a014825065259b794b46ffdc4fcef58b3d4545c0d4
Opcode Fuzzy Hash: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
Instruction Fuzzy Hash: 9E419133A28A8581DB208F25E4483EA6762FB98788F504135EF4DC7798EFBDD641C745

Function 00007FF6E216F5B8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32 ref: 00007FF6E216F5F8
GetCurrentDirectoryW.KERNEL32 ref: 00007FF6E216F64A

Strings

:, xrefs: 00007FF6E216F60E

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CurrentDirectory
String ID: :
API String ID: 1611563598-336475711
Opcode ID: d7e4ed55f29cf6b5985c16ba7c582ed18ee62b51760ed1b5a20f115a32bf7e2e
Instruction ID: 73bdf6b5c8d397ab12b8f9baea60b14021068cab88be22108e2ca33e00d0ac76
Opcode Fuzzy Hash: d7e4ed55f29cf6b5985c16ba7c582ed18ee62b51760ed1b5a20f115a32bf7e2e
Instruction Fuzzy Hash: 5021C373F2828181EB209B15D0843BD63A2FB84B4CF464035DB4EC3694DFBED6448796

Function 00007FF6E215FD48 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32 ref: 00007FF6E215FD98
RaiseException.KERNEL32 ref: 00007FF6E215FDD9

Strings

csm, xrefs: 00007FF6E215FDC6

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
Instruction ID: 4fceea49c924b85948d436fd7796e58857944604fcee20e5e6187d762360a03c
Opcode Fuzzy Hash: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
Instruction Fuzzy Hash: 23115E33A08B8582EB218F15E4003A977E5FB89B88F184230DB8D87758DF7ED6518B04

Function 00007FF6E217073C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E217076C
GetDriveTypeW.KERNEL32 ref: 00007FF6E21707AC

Strings

:, xrefs: 00007FF6E2170795

Memory Dump Source

Source File: 00000000.00000002.2198516869.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000000.00000002.2198488116.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198556948.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198587750.00007FF6E2192000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2198658536.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: DriveType_invalid_parameter_noinfo
String ID: :
API String ID: 2595371189-336475711
Opcode ID: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
Instruction ID: 2c5d642c827ed9e5cec17397393d8e3b197b59bc065beb7d0e54c3ac61d6f117
Opcode Fuzzy Hash: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
Instruction Fuzzy Hash: B0017123E2820285E7309F60D4613BE63A1EF8574CF901439D78DC26C1DEBED6048A1A

Analysis Process: tor-browser-windows-x86_64-portable-14.0.2.exePID: 7104, Parent PID: 6388COMMON

Execution Graph

Execution Coverage:	2.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.2%
Total number of Nodes:	688
Total number of Limit Nodes:	12

Executed Functions

Function 00007FF6E2151000 Relevance: 60.0, APIs: 6, Strings: 28, Instructions: 509
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Failed to load splash screen resources!, xrefs: 00007FF6E2153E7D
_PYI_APPLICATION_HOME_DIR, xrefs: 00007FF6E2153A0B, 00007FF6E2153CD4, 00007FF6E2153F63
Failed to start splash screen!, xrefs: 00007FF6E2153ECC
Failed to load Tcl/Tk shared libraries for splash screen!, xrefs: 00007FF6E2153EB3
pyi-runtime-tmpdir, xrefs: 00007FF6E2153B68
_PYI_PARENT_PROCESS_LEVEL, xrefs: 00007FF6E2153A17, 00007FF6E2153A2F, 00007FF6E2153A9B
Path exceeds PYI_PATH_MAX limit., xrefs: 00007FF6E2153D12
Could not create temporary directory!, xrefs: 00007FF6E2153CBF
Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s, xrefs: 00007FF6E2153B32
MEI, xrefs: 00007FF6E2153933
pyi-contents-directory, xrefs: 00007FF6E2153B8D
_PYI_APPLICATION_HOME_DIR not set for onefile child process!, xrefs: 00007FF6E2153D35
pyi-python-flag, xrefs: 00007FF6E2153AD6
Failed to initialize security descriptor for temporary directory!, xrefs: 00007FF6E2153C61
Could not side-load PyInstaller's PKG archive from external file (%s), xrefs: 00007FF6E21539DE
PYINSTALLER_RESET_ENVIRONMENT, xrefs: 00007FF6E2153882, 00007FF6E21538AF
Failed to convert DLL search path!, xrefs: 00007FF6E2153DD4
pyi-disable-windowed-traceback, xrefs: 00007FF6E2153BB2
PYINSTALLER_SUPPRESS_SPLASH_SCREEN, xrefs: 00007FF6E2153E02
VCRUNTIME140.dll, xrefs: 00007FF6E2153DA9
_PYI_ARCHIVE_FILE, xrefs: 00007FF6E21538D2, 00007FF6E21539FF
pkg, xrefs: 00007FF6E21539BE
Failed to unpack splash screen dependencies from PKG archive!, xrefs: 00007FF6E2153E9E
Could not load PyInstaller's embedded PKG archive from the executable (%s), xrefs: 00007FF6E2153971
_PYI_SPLASH_IPC, xrefs: 00007FF6E2153A23, 00007FF6E2153EED
Py_GIL_DISABLED, xrefs: 00007FF6E2153AF4
Failed to remove temporary directory: %s, xrefs: 00007FF6E2153FC7
PYINSTALLER_STRICT_UNPACK_MODE, xrefs: 00007FF6E2153BE8

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ErrorFileLastModuleName
String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
API String ID: 2776309574-4232158417
Opcode ID: 4651f0dbc160d0404dcf25292df1705b0130bb44d3f559e05366d82f1582b67c
Instruction ID: fad8cc674aa4c5e35a163e9aed1c6309e523e12c0ecdb3f728acf6881d5253ff
Opcode Fuzzy Hash: 4651f0dbc160d0404dcf25292df1705b0130bb44d3f559e05366d82f1582b67c
Instruction Fuzzy Hash: AA329E23E4C68691FA15DB24D4543F92293AF85788F8440B2DB4DC32D6EFAEE754C30A

Function 00007FF8A92D1A0F Relevance: 23.6, APIs: 5, Strings: 8, Instructions: 891COMMON

Download Yara Rule

Strings

HEAD , xrefs: 00007FF8A931B8EE
PUT , xrefs: 00007FF8A931B909
POST , xrefs: 00007FF8A931B8D0
, xrefs: 00007FF8A931B08A
CONNE, xrefs: 00007FF8A931B91D
..\s\ssl\record\ssl3_record.c, xrefs: 00007FF8A931AC34, 00007FF8A931ADE1, 00007FF8A931AF20, 00007FF8A931AF6E, 00007FF8A931AF9E, 00007FF8A931AFCB, 00007FF8A931AFF8, 00007FF8A931B0A5, 00007FF8A931B0EE, 00007FF8A931B245, 00007FF8A931B26D, 00007FF8A931B2A4, 00007FF8A931B2D9, 00007FF8A931B363, 00007FF8A931B473, 00007FF8A931B641, 00007FF8A931B6D0, 00007FF8A931B6F2, 00007FF8A931B717, 00007FF8A931B74C, 00007FF8A931B781, 00007FF8A931B7B8, 00007FF8A931B7EF, 00007FF8A931B826, 00007FF8A931B85B, 00007FF8A931B942, 00007FF8A931B97C, 00007FF8A931B9EA, 00007FF8A931BA20
ssl3_get_record, xrefs: 00007FF8A931AC2D, 00007FF8A931ADDA, 00007FF8A931AF19, 00007FF8A931AF67, 00007FF8A931AF97, 00007FF8A931AFBF, 00007FF8A931AFEC, 00007FF8A931B099, 00007FF8A931B0E2, 00007FF8A931B239, 00007FF8A931B261, 00007FF8A931B2CD, 00007FF8A931B357, 00007FF8A931B467, 00007FF8A931B635, 00007FF8A931B70B, 00007FF8A931B740, 00007FF8A931B775, 00007FF8A931B7AC, 00007FF8A931B7E3, 00007FF8A931B81A, 00007FF8A931B84F, 00007FF8A931B936, 00007FF8A931B970, 00007FF8A931B9E3, 00007FF8A931BA14
GET , xrefs: 00007FF8A931B8AD

Memory Dump Source

Source File: 00000002.00000002.2186211945.00007FF8A92D1000.00000040.00000001.01000000.00000012.sdmp, Offset: 00007FF8A92D0000, based on PE: true

Associated: 00000002.00000002.2186182358.00007FF8A92D0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9353000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9355000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A937D000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9388000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9393000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186542599.00007FF8A9397000.00000080.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186571704.00007FF8A9398000.00000004.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a92d0000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID:
String ID: $..\s\ssl\record\ssl3_record.c$CONNE$GET $HEAD $POST $PUT $ssl3_get_record
API String ID: 0-2781224710
Opcode ID: 25f844a4e8796925b69264503ec11036386ca2ea61b3c4c8a6cc07d935ef8136
Instruction ID: 2372bb6755848d43a13fe5aa2de846d273a179b1a52b5056316a6f0daf35ee50
Opcode Fuzzy Hash: 25f844a4e8796925b69264503ec11036386ca2ea61b3c4c8a6cc07d935ef8136
Instruction Fuzzy Hash: CF927C31A0EEC2A2FB609F21D8447B967B1EF85BC4F646035DA4DC66A9EF3DE4418710

Function 00007FF6E2176964 Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6E2176698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E21766D9
Part of subcall function 00007FF6E2176698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2176757
Part of subcall function 00007FF6E2176698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E21767A8

CreateFileW.KERNEL32 ref: 00007FF6E2176A6A
CreateFileW.KERNEL32 ref: 00007FF6E2176ABA
GetLastError.KERNEL32 ref: 00007FF6E2176AEA
GetFileType.KERNEL32 ref: 00007FF6E2176AFF
GetLastError.KERNEL32 ref: 00007FF6E2176B09
CloseHandle.KERNEL32 ref: 00007FF6E2176B3C
CloseHandle.KERNEL32 ref: 00007FF6E2176C9F
CreateFileW.KERNEL32 ref: 00007FF6E2176CD4
GetLastError.KERNEL32 ref: 00007FF6E2176CE3

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
String ID:
API String ID: 1617910340-0
Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
Instruction ID: 0d847bccb3289a34f2cba70938e7d9977cbf713cc589450f8c2d6dc6fccd3c3e
Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
Instruction Fuzzy Hash: 2EC1AD33F28A8585EB10CFA9C4902AC3762EB8AB98B010225DB1ED77D4CF7AD651C305

Function 00007FF8A9397200 Relevance: 9.6, APIs: 4, Strings: 1, Instructions: 885librarymemoryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FF8A9397D15
GetProcAddress.KERNEL32 ref: 00007FF8A9397D33
VirtualProtect.KERNEL32(?,?,?,00000000), ref: 00007FF8A9397DB3
VirtualProtect.KERNEL32 ref: 00007FF8A9397DD1

Strings

TLS 1.1, xrefs: 00007FF8A939721C

Memory Dump Source

Source File: 00000002.00000002.2186542599.00007FF8A9397000.00000080.00000001.01000000.00000012.sdmp, Offset: 00007FF8A92D0000, based on PE: true

Associated: 00000002.00000002.2186182358.00007FF8A92D0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A92D1000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9353000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9355000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A937D000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9388000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9393000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186571704.00007FF8A9398000.00000004.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a92d0000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ProtectVirtual$AddressLibraryLoadProc
String ID: TLS 1.1
API String ID: 3300690313-2459780185
Opcode ID: e9bd674313fd626e8b10bb5bd9aba1fc995f4c064e3db001b0372bd032c2116d
Instruction ID: 7ce4dbba1a7237a56f1517093acc247e09f3303972ee91f2848105e12ae02878
Opcode Fuzzy Hash: e9bd674313fd626e8b10bb5bd9aba1fc995f4c064e3db001b0372bd032c2116d
Instruction Fuzzy Hash: 6F62F36262D9D296E7298E38D4503BD66E0F7487C5F046532EA9FC37C4EA7CEA45CB00

Function 00007FF8A8F31000 Relevance: 6.9, APIs: 4, Instructions: 900librarymemoryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FF8A8F31B29
GetProcAddress.KERNEL32 ref: 00007FF8A8F31B53
VirtualProtect.KERNEL32(?,?,?,00000000), ref: 00007FF8A8F31BDD
VirtualProtect.KERNEL32 ref: 00007FF8A8F31BFB

Memory Dump Source

Source File: 00000002.00000002.2186095548.00007FF8A8F31000.00000080.00000001.01000000.00000004.sdmp, Offset: 00007FF8A8870000, based on PE: true

Associated: 00000002.00000002.2184977608.00007FF8A8870000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.2185017528.00007FF8A8871000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.2185017528.00007FF8A8B1F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.2185017528.00007FF8A8B2C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.2185017528.00007FF8A8BA2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.2185017528.00007FF8A8C6D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.2185017528.00007FF8A8C74000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.2185017528.00007FF8A8D6E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.2185017528.00007FF8A8D72000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.2185017528.00007FF8A8E6B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.2185017528.00007FF8A8E76000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.2185017528.00007FF8A8EF0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.2185017528.00007FF8A8F0B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.2185017528.00007FF8A8F24000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000002.00000002.2186150546.00007FF8A8F32000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a8870000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ProtectVirtual$AddressLibraryLoadProc
String ID:
API String ID: 3300690313-0
Opcode ID: bf3875d787bfcc14ef9ed9645fa2fd386f6a2c0859c7a2bae9dc7dced8cafdbb
Instruction ID: fd7d2c4aad8f3458a25fc64a4505116a0b2c27d7b67cf59aa9f9267cad30fcb8
Opcode Fuzzy Hash: bf3875d787bfcc14ef9ed9645fa2fd386f6a2c0859c7a2bae9dc7dced8cafdbb
Instruction Fuzzy Hash: 0F62147262919696EB198F38D4002BD76A0F7487C6F045532FAEEC3784EB7CEA85C714

Function 00007FF8A8837B30 Relevance: 6.8, APIs: 4, Instructions: 850librarymemoryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FF8A88385F0
GetProcAddress.KERNEL32 ref: 00007FF8A883861A
VirtualProtect.KERNEL32(?,?,?,00000000), ref: 00007FF8A88386A4
VirtualProtect.KERNEL32 ref: 00007FF8A88386C2

Memory Dump Source

Source File: 00000002.00000002.2184903956.00007FF8A8837000.00000080.00000001.01000000.0000000C.sdmp, Offset: 00007FF8A8340000, based on PE: true

Associated: 00000002.00000002.2182802526.00007FF8A8340000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000002.00000002.2182879352.00007FF8A8341000.00000040.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000002.00000002.2182879352.00007FF8A8352000.00000040.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000002.00000002.2182879352.00007FF8A8362000.00000040.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000002.00000002.2182879352.00007FF8A8368000.00000040.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000002.00000002.2182879352.00007FF8A83B2000.00000040.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000002.00000002.2182879352.00007FF8A83C7000.00000040.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000002.00000002.2182879352.00007FF8A83D7000.00000040.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000002.00000002.2182879352.00007FF8A83DE000.00000040.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000002.00000002.2182879352.00007FF8A83EC000.00000040.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000002.00000002.2182879352.00007FF8A86A9000.00000040.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000002.00000002.2182879352.00007FF8A86AB000.00000040.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000002.00000002.2182879352.00007FF8A86E2000.00000040.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000002.00000002.2182879352.00007FF8A8722000.00000040.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000002.00000002.2182879352.00007FF8A877A000.00000040.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000002.00000002.2182879352.00007FF8A87EA000.00000040.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000002.00000002.2182879352.00007FF8A881F000.00000040.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000002.00000002.2182879352.00007FF8A8831000.00000040.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000002.00000002.2184936820.00007FF8A8839000.00000004.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a8340000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ProtectVirtual$AddressLibraryLoadProc
String ID:
API String ID: 3300690313-0
Opcode ID: fd6e17aede7dd1a07b4ecde7e4701136c40a3ad312db3d6b815d4e7960ab785a
Instruction ID: b57d21b1c7e1b776f713c4ef7de442f4721c31e302bcc657c327f3dff7a6f72e
Opcode Fuzzy Hash: fd6e17aede7dd1a07b4ecde7e4701136c40a3ad312db3d6b815d4e7960ab785a
Instruction Fuzzy Hash: 886211266295929BE7198F38D80027D77A0F7487C5F045532EAAAC3784EB7CEA54CB14

Function 00007FF6E2159280 Relevance: 3.0, APIs: 2, Instructions: 29COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32 ref: 00007FF6E21592B3
FindClose.KERNEL32 ref: 00007FF6E21592C2

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
Instruction ID: dafe307e0607b00f08d51c152ec2e7c48ee04cff9de743b5296253bb86369ae2
Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
Instruction Fuzzy Hash: DBF0A423E1864186F7608B60F4887B67351BB8432CF040235DB6EC2AD4DF7DD248CA09

Function 00007FF6E2151950 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 184
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6E2157F90: _fread_nolock.LIBCMT ref: 00007FF6E215803A

_fread_nolock.LIBCMT ref: 00007FF6E2151A1B

Part of subcall function 00007FF6E2152910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6E2151B6A), ref: 00007FF6E215295E

Strings

calloc, xrefs: 00007FF6E2151A68
Could not allocate buffer for TOC!, xrefs: 00007FF6E2151B1B
MEI, xrefs: 00007FF6E2151991
Failed to seek to cookie position!, xrefs: 00007FF6E21519EE
malloc, xrefs: 00007FF6E2151B22
Could not allocate memory for archive structure!, xrefs: 00007FF6E2151A61
Error on file., xrefs: 00007FF6E2151B8D
fseek, xrefs: 00007FF6E21519F5
Failed to read cookie!, xrefs: 00007FF6E2151A2B
Could not read full TOC!, xrefs: 00007FF6E2151B55
fread, xrefs: 00007FF6E2151A32, 00007FF6E2151B5C

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _fread_nolock$CurrentProcess
String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
API String ID: 2397952137-3497178890
Opcode ID: 27547418d9ab5e62463e202343d91a8db4d430f9fb0a7f3bbb020ab973e08554
Instruction ID: e280768a830f528bfaf53595ea54fdf141a7295d116ef14f411f5e8142ff26dd
Opcode Fuzzy Hash: 27547418d9ab5e62463e202343d91a8db4d430f9fb0a7f3bbb020ab973e08554
Instruction Fuzzy Hash: 96818273E0868686EB21DB14D0803F923A3AF85748F444475EB4EC7785DEBEE745874A

Function 00007FF6E2151470 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 107
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Failed to extract %s: failed to allocate data buffer (%u bytes)!, xrefs: 00007FF6E2151518
Failed to extract %s: failed to open archive file!, xrefs: 00007FF6E215149F
malloc, xrefs: 00007FF6E215151F
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF6E21515DF
fseek, xrefs: 00007FF6E21514E5
fread, xrefs: 00007FF6E21515E6
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF6E21514DE

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
API String ID: 2050909247-3659356012
Opcode ID: 89ccecf573411ed4716394efc1ec480fa9932aea8d62f2b8012777f73556fdbd
Instruction ID: 0421359e718f6e84f89c9facb3e81dca3f8a7bc1ab9e6887216f13bd17e84262
Opcode Fuzzy Hash: 89ccecf573411ed4716394efc1ec480fa9932aea8d62f2b8012777f73556fdbd
Instruction Fuzzy Hash: 0E418D23E5864285EA11DB21D4403F96393BF85788F484872EF0EC7B95DEBEE701870A

Function 00007FF6E2151210 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 158
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Failed to extract %s: inflateInit() failed with return code %d!, xrefs: 00007FF6E2151276
Failed to extract %s: failed to allocate temporary input buffer!, xrefs: 00007FF6E21512BA
1.3.1, xrefs: 00007FF6E2151249
malloc, xrefs: 00007FF6E21512C1, 00007FF6E21512F6
Failed to extract %s: decompression resulted in return code %d!, xrefs: 00007FF6E215141E
Failed to extract %s: failed to allocate temporary output buffer!, xrefs: 00007FF6E21512EF

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CurrentProcess
String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
API String ID: 2050909247-2813020118
Opcode ID: c49957f071027ddab990f7db31e9cb9fde1fe3b1b3a00d6674342581536df05e
Instruction ID: 8c5a92bd6e53f7045fc4d07042ef86adc34abfbca8375d64d92e7f31b9c8af18
Opcode Fuzzy Hash: c49957f071027ddab990f7db31e9cb9fde1fe3b1b3a00d6674342581536df05e
Instruction Fuzzy Hash: 5451DF23E4864285EA61AB11E4503FA6293BF81798F480175EF0DC77C5EFBEE641C70A

Function 00007FF6E216ED10 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?,?,?,00007FF6E216F0AA,?,?,-00000018,00007FF6E216AD53,?,?,?,00007FF6E216AC4A,?,?,?,00007FF6E2165F3E), ref: 00007FF6E216EE8C
GetProcAddress.KERNEL32(?,?,?,00007FF6E216F0AA,?,?,-00000018,00007FF6E216AD53,?,?,?,00007FF6E216AC4A,?,?,?,00007FF6E2165F3E), ref: 00007FF6E216EE98

Strings

api-ms-, xrefs: 00007FF6E216EDD6
ext-ms-, xrefs: 00007FF6E216EDE9

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
Instruction ID: 02a5e0b0d5784069128e0ac7d93baa69024115d0f734a7f67243c0751cba561d
Opcode Fuzzy Hash: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
Instruction Fuzzy Hash: 8A41F933F2D60141EA15CB56D8407F92293BF49B98F984639DE1DC7384EFBEE6058209

Function 00007FF6E21536B0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32(?,00007FF6E2153804), ref: 00007FF6E21536E1
GetLastError.KERNEL32(?,00007FF6E2153804), ref: 00007FF6E21536EB

Part of subcall function 00007FF6E2152C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6E2153706,?,00007FF6E2153804), ref: 00007FF6E2152C9E
Part of subcall function 00007FF6E2152C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6E2153706,?,00007FF6E2153804), ref: 00007FF6E2152D63
Part of subcall function 00007FF6E2152C50: MessageBoxW.USER32 ref: 00007FF6E2152D99

Strings

Failed to resolve full path to executable %ls., xrefs: 00007FF6E2153739
Failed to obtain executable path., xrefs: 00007FF6E21536F3
\\?\, xrefs: 00007FF6E215375A
Failed to convert executable path to UTF-8., xrefs: 00007FF6E2153790
GetModuleFileNameW, xrefs: 00007FF6E21536FA

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
API String ID: 3187769757-2863816727
Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
Instruction ID: 2bd2243f81b6cd83946e9cb5a380921d6839b4a9877ad4fb7bbf521e3f0b8684
Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
Instruction Fuzzy Hash: E1219F63F5864281FA209B20E8443FA2252BF8834CF800172E75EC75D5EEAEE705C34A

Function 00007FF6E216BA5C Relevance: 10.8, APIs: 7, Instructions: 290
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E216BE89

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: fe76644ed600cf537c3c6f178a4f6dddc7bb94aee2e0e4a7e52e493d4ee37ba5
Instruction ID: 492d430053e0d7cf1c2dbfa9cb2693a0f9569cbe61735da1678834133986f1ef
Opcode Fuzzy Hash: fe76644ed600cf537c3c6f178a4f6dddc7bb94aee2e0e4a7e52e493d4ee37ba5
Instruction Fuzzy Hash: 8AC1F033D2868681E6608B1590803FD6B52EB81B98F550131EB4ED7791CEFFE745870A

Function 00007FF6E2156360 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 82
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d), xrefs: 00007FF6E21563C7
LoadLibrary, xrefs: 00007FF6E21564AE
Path of Python shared library (%s) and its name (%s) exceed buffer size (%d), xrefs: 00007FF6E2156456
Failed to load Python DLL '%ls'., xrefs: 00007FF6E21564A7
Path of ucrtbase.dll (%s) and its name exceed buffer size (%d), xrefs: 00007FF6E2156407
ucrtbase.dll, xrefs: 00007FF6E21563DD

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
API String ID: 2050909247-2434346643
Opcode ID: 111e0a7e53993944da2df5d9c96cd3a7cea32e86f931b773c4ccd6a62d35c348
Instruction ID: 84dfabfa2e4160157d9ad71bf816a0cd209270ee4612bdaf5a531836c02179d0
Opcode Fuzzy Hash: 111e0a7e53993944da2df5d9c96cd3a7cea32e86f931b773c4ccd6a62d35c348
Instruction Fuzzy Hash: 24419223E5868691EA21DB20E4143E96352FF94388F900172EB5DC32D9EFBDE705C786

Function 00007FF6E2165628 Relevance: 6.1, APIs: 4, Instructions: 90
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2165655
CreateFileW.KERNEL32 ref: 00007FF6E2165694
CloseHandle.KERNEL32 ref: 00007FF6E21656C9

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CloseCreateFileHandle_invalid_parameter_noinfo
String ID:
API String ID: 1279662727-0
Opcode ID: b1746a8a916bbf96797ffba89da9809a683c49b2a7b1d8f7dd6efe5c63c8eb6a
Instruction ID: 4c8c9976b9b00495593ec1a5b1f6a18b4f3f91f93af2ad3f720d123519577c2e
Opcode Fuzzy Hash: b1746a8a916bbf96797ffba89da9809a683c49b2a7b1d8f7dd6efe5c63c8eb6a
Instruction Fuzzy Hash: 1B41B233D2878293E3108B20D5903BD6262FB943A8F108334E79C83AD1DFADA2E08745

Function 00007FF8A92D14BF Relevance: 4.7, APIs: 1, Strings: 2, Instructions: 243
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetLastError.KERNEL32 ref: 00007FF8A932EDA1

Strings

state_machine, xrefs: 00007FF8A932EE8A, 00007FF8A932EF54, 00007FF8A932F065, 00007FF8A932F097
..\s\ssl\statem\statem.c, xrefs: 00007FF8A932EE91, 00007FF8A932EF5B, 00007FF8A932F071, 00007FF8A932F0A3

Memory Dump Source

Source File: 00000002.00000002.2186211945.00007FF8A92D1000.00000040.00000001.01000000.00000012.sdmp, Offset: 00007FF8A92D0000, based on PE: true

Associated: 00000002.00000002.2186182358.00007FF8A92D0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9353000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9355000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A937D000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9388000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9393000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186542599.00007FF8A9397000.00000080.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186571704.00007FF8A9398000.00000004.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a92d0000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ErrorLast
String ID: ..\s\ssl\statem\statem.c$state_machine
API String ID: 1452528299-1722249466
Opcode ID: fa1af6e95ef90c32761611ab3741ed222fae2e63033c217ccf4e575d4f6d4e5b
Instruction ID: d123407b77e0adf5bd8a256a9fc4e54f465dc355e93162094eb7ebf8c679b6a4
Opcode Fuzzy Hash: fa1af6e95ef90c32761611ab3741ed222fae2e63033c217ccf4e575d4f6d4e5b
Instruction Fuzzy Hash: A6A18F32A0EAC2A5FBB49E2594417BD32B9EF61BC4F146431DA0DC6689CF7DE8818741

Function 00007FF8A92D14EC Relevance: 4.7, APIs: 1, Strings: 2, Instructions: 206
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetLastError.KERNEL32 ref: 00007FF8A9317EF5

Strings

..\s\ssl\record\rec_layer_s3.c, xrefs: 00007FF8A9317E9D, 00007FF8A9317FE4, 00007FF8A9318018
ssl3_read_n, xrefs: 00007FF8A9317E91, 00007FF8A9317FD8, 00007FF8A931800C

Memory Dump Source

Source File: 00000002.00000002.2186211945.00007FF8A92D1000.00000040.00000001.01000000.00000012.sdmp, Offset: 00007FF8A92D0000, based on PE: true

Associated: 00000002.00000002.2186182358.00007FF8A92D0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9353000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9355000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A937D000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9388000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9393000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186542599.00007FF8A9397000.00000080.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186571704.00007FF8A9398000.00000004.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a92d0000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ErrorLast
String ID: ..\s\ssl\record\rec_layer_s3.c$ssl3_read_n
API String ID: 1452528299-4226281315
Opcode ID: d94d605e0c3c7615078f9d1603b74134fba96d51f0d75133064dff5826735a27
Instruction ID: b788c8311bf5e94cf6bc29961f3b7605b0f0a5b93bd8906fb20a6767b7047b27
Opcode Fuzzy Hash: d94d605e0c3c7615078f9d1603b74134fba96d51f0d75133064dff5826735a27
Instruction Fuzzy Hash: 72919231A0EAC6A6FB509F25D4407B966B0EF44BC4F686131DE4D8BAA9EF78D8458310

Function 00007FF6E215CC3C Relevance: 4.6, APIs: 3, Instructions: 94COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6E215CE0C: __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF6E215CE20

__scrt_acquire_startup_lock.LIBCMT ref: 00007FF6E215CC60
__scrt_release_startup_lock.LIBCMT ref: 00007FF6E215CCCE
__scrt_get_show_window_mode.LIBCMT ref: 00007FF6E215CD21

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
String ID:
API String ID: 3251591375-0
Opcode ID: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
Instruction ID: c146bd5e7abf35718aaa6020d33936ce2044c7f1bb20c4d66abb7160ae859cec
Opcode Fuzzy Hash: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
Instruction Fuzzy Hash: 9E310823E8814742FA14AB65D4613F91683AF9538CF4454B4DB0EC72E3DEAFA704824B

Function 00007FF6E2169A30 Relevance: 4.5, APIs: 3, Instructions: 14COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,00007FF6E2169A2C), ref: 00007FF6E2169A41
TerminateProcess.KERNEL32(?,?,?,00007FF6E2169A2C), ref: 00007FF6E2169A4C
ExitProcess.KERNEL32 ref: 00007FF6E2169A5B

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 148d460979eed4a43ebbf671c65dc2dc638c0d89c9c01e8e00358d5495882c84
Instruction ID: 70789bed07e5b05ce9050992da6ebba834131a8f4610f79bd5c3d0b5dfc5e63c
Opcode Fuzzy Hash: 148d460979eed4a43ebbf671c65dc2dc638c0d89c9c01e8e00358d5495882c84
Instruction Fuzzy Hash: 12D06722F1870643EA142B70A8992FD12976F89719B141438CA0BC6393DEAFAB49424B

Function 00007FF6E216013C Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2160180
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2160277

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
Instruction ID: 30c3763d89886e07d4315b4f6fe4fda6d624e3a475df585e20560161f028a5ef
Opcode Fuzzy Hash: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
Instruction Fuzzy Hash: 4B51A533E29241C6E6249A2594407FE6692BF44BACF184638DF6DC37C5CEFED641860A

Function 00007FF6E216C134 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(?,?,?,?,?,00007FF6E216C2CD), ref: 00007FF6E216C180
GetLastError.KERNEL32(?,?,?,?,?,00007FF6E216C2CD), ref: 00007FF6E216C18A

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
Instruction ID: fc239428f3a6f8c1d01bab348f449e7ef3cfe90046669e426bd1b90bc14303dc
Opcode Fuzzy Hash: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
Instruction Fuzzy Hash: BF11D332A18A4181DA208B15E8442AD6262AB51BF8F540331EB7DC77D4CEBDD2508705

Function 00007FF6E216A948 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,?,?,00007FF6E2172D22,?,?,?,00007FF6E2172D5F,?,?,00000000,00007FF6E2173225,?,?,?,00007FF6E2173157), ref: 00007FF6E216A95E
GetLastError.KERNEL32(?,?,?,00007FF6E2172D22,?,?,?,00007FF6E2172D5F,?,?,00000000,00007FF6E2173225,?,?,?,00007FF6E2173157), ref: 00007FF6E216A968

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
Instruction ID: 2b7bb5caf54601de81718cb3568a320cb6d12908abee972b8ace5ab0a43008a3
Opcode Fuzzy Hash: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
Instruction Fuzzy Hash: 7BE08622F2920282FF155BF1D4953FD12536FC5B08F450030CB0EC2291DEAE6B81831A

Function 00007FF6E216AB58 Relevance: 2.6, APIs: 2, Instructions: 59COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,00007FF6E216A9D5,?,?,00000000,00007FF6E216AA8A), ref: 00007FF6E216ABC6
GetLastError.KERNEL32(?,?,?,00007FF6E216A9D5,?,?,00000000,00007FF6E216AA8A), ref: 00007FF6E216ABD0

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CloseErrorHandleLast
String ID:
API String ID: 918212764-0
Opcode ID: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
Instruction ID: 8af83a48d930e2481a7f8504f8b280fc53c269beb8ca2e5512b1937eac560a3d
Opcode Fuzzy Hash: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
Instruction Fuzzy Hash: AE218033F2868641EAA0575194D03FD16839F84799F084239DB2EC77D1CEEEE645430A

Function 00007FF6E216BEAC Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E216BED4

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
Instruction ID: bc4c7fcf9ad18f5357ab9ef51cba9ed6663c0d754578cc927a6373d5b4e39766
Opcode Fuzzy Hash: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
Instruction Fuzzy Hash: 7D41B333D2824187EA248B19A5903BD77A2EB55748F140131DB8FD36D1CFAEE702CB56

Function 00007FF8A932EC4C Relevance: 1.6, APIs: 1, Instructions: 337COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FF8A932EDA1

Memory Dump Source

Source File: 00000002.00000002.2186211945.00007FF8A92D1000.00000040.00000001.01000000.00000012.sdmp, Offset: 00007FF8A92D0000, based on PE: true

Associated: 00000002.00000002.2186182358.00007FF8A92D0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9353000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9355000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A937D000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9388000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9393000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186542599.00007FF8A9397000.00000080.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186571704.00007FF8A9398000.00000004.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a92d0000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: aea56f64fe44ad7b0340a1766d39962d55ffaa5f78c982329402f1f7499899da
Instruction ID: f0eea199c81feaa4f10038f3e24fb7ebd0eb46651664c6a123000a19f44e4c09
Opcode Fuzzy Hash: aea56f64fe44ad7b0340a1766d39962d55ffaa5f78c982329402f1f7499899da
Instruction Fuzzy Hash: FF31E532A0EB91AAE7649E25945127D33B5EF64FC4F589435DE08C7685CF3DE842C740

Function 00007FF6E2157F90 Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

_fread_nolock.LIBCMT ref: 00007FF6E215803A

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _fread_nolock
String ID:
API String ID: 840049012-0
Opcode ID: 6c0febe66f3eebf5cf339e545fce04fb5f711a7807da0d6a964a5ed0356a8643
Instruction ID: 109f8931e339dbb2203410112c125ae6b6be11d81210b76afb8625317c638c7a
Opcode Fuzzy Hash: 6c0febe66f3eebf5cf339e545fce04fb5f711a7807da0d6a964a5ed0356a8643
Instruction Fuzzy Hash: 64219322F5865586EB509B2274043FA9642BF45BC8F894570EF0DC7786DEFEE281C20A

Function 00007FF6E216B93C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E216B9C2

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
Instruction ID: 194d74d16e6a73733035c7f928ed1f22a79c56efce7a1825664ded22063e102f
Opcode Fuzzy Hash: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
Instruction Fuzzy Hash: A0314F73E3860285E6215F5584813FD2692AB80B98F510135EB5ED73D2CEFEE741871B

Function 00007FF6E2169961 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6E216998F

Part of subcall function 00007FF6E2169A88: GetModuleHandleExW.KERNEL32 ref: 00007FF6E2169AAD
Part of subcall function 00007FF6E2169A88: GetProcAddress.KERNEL32 ref: 00007FF6E2169AC3
Part of subcall function 00007FF6E2169A88: FreeLibrary.KERNEL32 ref: 00007FF6E2169AEA

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID:
API String ID: 3947729631-0
Opcode ID: 42808d7c08696a35870eb95595f0ae95ff90971c005bfc8769c42bb91e99b0de
Instruction ID: 8b86f537d065719becd4bb556afaaf2c0d4318d5edcd1b0ce627b8a4d048b6a3
Opcode Fuzzy Hash: 42808d7c08696a35870eb95595f0ae95ff90971c005bfc8769c42bb91e99b0de
Instruction Fuzzy Hash: 60214873E24A458AEB248F64C4803EC32A1FB4471CF44463AD76D86A95DFB99688C746

Function 00007FF6E2165F94 Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2165EF9

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
Instruction ID: 76f563a76c1fed680811b9f7e66cad760f45e5995727c7e35f74b097dceb3ff8
Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
Instruction Fuzzy Hash: 0F119633E3C64285EE609F5194803FDA666BF85B88F544431EB4CD7A96CFBED600874A

Function 00007FF6E2176354 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2176377

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
Instruction ID: f238275630b9d07fa206712b732f1cd0be768266f3d93338a05784b6060caf09
Opcode Fuzzy Hash: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
Instruction Fuzzy Hash: EF219033A18A8186DB608F18D4803AA77A2BBC5B98F144234E75EC66D9DF7ED901CB05

Function 00007FF6E21603BC Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2160410

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
Instruction ID: a8e9193938e96db4a6899d2125effc54e388453fb9c83d684b9fe25ccc9e535f
Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
Instruction Fuzzy Hash: DF01C232E2874180E914DB5299402FDA692BF81FE8F484674EF5CD3BD6CEBED6018305

Function 00007FF6E2158E80 Relevance: 1.5, APIs: 1, Instructions: 19libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6E2159390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6E21545F4,00000000,00007FF6E2151985), ref: 00007FF6E21593C9

LoadLibraryExW.KERNEL32(?,00007FF6E2156476,?,00007FF6E215336E), ref: 00007FF6E2158EA2

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ByteCharLibraryLoadMultiWide
String ID:
API String ID: 2592636585-0
Opcode ID: 11a4aaaef8a7a10f6e0ce37232ac144c9e9b59754371ad75d1a790c2d21c933d
Instruction ID: 04f7785f0fad2aabdadc091da7c1a1fe39b4eaa8173f30ab995ec4bbd10ad322
Opcode Fuzzy Hash: 11a4aaaef8a7a10f6e0ce37232ac144c9e9b59754371ad75d1a790c2d21c933d
Instruction Fuzzy Hash: 54D08C12F3424542EA94A76BBA467AA5252AB8ABC4F888075EF0D83B8ADD3DC1414B04

Function 00007FF8A92D1E01 Relevance: 1.3, APIs: 1, Instructions: 87COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FF8A932EDA1

Memory Dump Source

Source File: 00000002.00000002.2186211945.00007FF8A92D1000.00000040.00000001.01000000.00000012.sdmp, Offset: 00007FF8A92D0000, based on PE: true

Associated: 00000002.00000002.2186182358.00007FF8A92D0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9353000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9355000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A937D000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9388000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9393000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186542599.00007FF8A9397000.00000080.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186571704.00007FF8A9398000.00000004.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a92d0000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 7996a06857c3f91e8426b2d630f3f6f22c05bb801b80ee25fc1232160325fa23
Instruction ID: d4ed2cc819a7e6d8b088ebd5ad0942470a0e97e548115825b46c034ed7f3a786
Opcode Fuzzy Hash: 7996a06857c3f91e8426b2d630f3f6f22c05bb801b80ee25fc1232160325fa23
Instruction Fuzzy Hash: 68319232A0EA92AAF7749E25944127D72B5EF64BC4F149431DE0DC7685CF3DE882CB80

Function 00007FF6E216D5FC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,?,00007FF6E2160C90,?,?,?,00007FF6E21622FA,?,?,?,?,?,00007FF6E2163AE9), ref: 00007FF6E216D63A

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
Instruction ID: 1b729a97783a4f9e648918843534332faf5fb6e452d756187362e842679ca94b
Opcode Fuzzy Hash: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
Instruction Fuzzy Hash: 7EF05E22F2924245FE6417715C813FD11935FC57ACF084730DF2EC52C1DEAEA690825A

Non-executed Functions

Function 00007FF6E21589E0 Relevance: 70.3, APIs: 36, Strings: 4, Instructions: 257synchronizationwindowregistryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6E2159390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6E21545F4,00000000,00007FF6E2151985), ref: 00007FF6E21593C9

SetConsoleCtrlHandler.KERNEL32(?,?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158A3B
GetStartupInfoW.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158A56

Part of subcall function 00007FF6E216A47C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E216A490

Part of subcall function 00007FF6E216871C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2168783

GetCommandLineW.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158AE6
CreateProcessW.KERNEL32 ref: 00007FF6E2158B1E
GetLastError.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158B28

Part of subcall function 00007FF6E2152C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6E2153706,?,00007FF6E2153804), ref: 00007FF6E2152C9E
Part of subcall function 00007FF6E2152C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6E2153706,?,00007FF6E2153804), ref: 00007FF6E2152D63
Part of subcall function 00007FF6E2152C50: MessageBoxW.USER32 ref: 00007FF6E2152D99

RegisterClassW.USER32 ref: 00007FF6E2158B80
GetLastError.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158B8B
CreateWindowExW.USER32 ref: 00007FF6E2158BD5
GetLastError.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158BE7
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158C02
GetLastError.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158C15
PeekMessageW.USER32 ref: 00007FF6E2158C39
TranslateMessage.USER32 ref: 00007FF6E2158C47
DispatchMessageW.USER32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158C51
PeekMessageW.USER32 ref: 00007FF6E2158C6C
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158C7E
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158C99
TerminateProcess.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158CAF
GetLastError.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158CB9
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158CC7
DestroyWindow.USER32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158E04
GetExitCodeProcess.KERNEL32 ref: 00007FF6E2158E19
CloseHandle.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158E22
CloseHandle.KERNEL32(?,FFFFFFFF,00007FF6E2153F77), ref: 00007FF6E2158E2F

Strings

Failed to create child process!, xrefs: 00007FF6E2158B30
PyInstaller Onefile Hidden Window, xrefs: 00007FF6E2158B95
CreateProcessW, xrefs: 00007FF6E2158B37
PyInstallerOnefileHiddenWindow, xrefs: 00007FF6E2158B54

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
API String ID: 3832162212-3165540532
Opcode ID: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
Instruction ID: d34f318321396c6ef3bccb8f269c3551d5259abaa500b26c299c64c913794145
Opcode Fuzzy Hash: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
Instruction Fuzzy Hash: 9FD13E32E08A8686E7109F34E8543EA2766FF8575CF400235DB5EC2AA4DFBDD7858705

Function 00007FF8A82AFF00 Relevance: 20.0, APIs: 13, Instructions: 493COMMON

Download Yara Rule

APIs

00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82AFFE7
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82B0043
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82B0092
00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A82B00E8
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82B0196
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82B01F2
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82B0247
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82B03C7
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82B0423
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82B0472
00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A82B0574
00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A82B0652
00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A82B06E6

Memory Dump Source

Source File: 00000002.00000002.2180285327.00007FF8A8261000.00000040.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8260000, based on PE: true

Associated: 00000002.00000002.2180246315.00007FF8A8260000.00000002.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A82B6000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A832D000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182691075.00007FF8A832E000.00000080.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182728543.00007FF8A8330000.00000004.00000001.01000000.00000014.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a8260000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: 00007$C6138$A2419
String ID:
API String ID: 2638009314-0
Opcode ID: 6aed54118feec531af873d9543ed006788bdddb699dcf0f01bbf85fdea2b84b3
Instruction ID: 912cbaaa8a104bdda652cea5361477d5fe0ffba889b82376cca36df9c99e48f3
Opcode Fuzzy Hash: 6aed54118feec531af873d9543ed006788bdddb699dcf0f01bbf85fdea2b84b3
Instruction Fuzzy Hash: CC22B032E16F859ADA1A8B2591443FAA365FF997C4F15C332DB8E27758DF3CE0428214

Function 00007FF8A82AF450 Relevance: 20.0, APIs: 13, Instructions: 493COMMON

Download Yara Rule

APIs

00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82AF537
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82AF593
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82AF5E2
00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A82AF638
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82AF6E6
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82AF742
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82AF797
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82AF917
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82AF973
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82AF9C2
00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A82AFAC4
00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A82AFBA2
00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A82AFC36

Memory Dump Source

Source File: 00000002.00000002.2180285327.00007FF8A8261000.00000040.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8260000, based on PE: true

Associated: 00000002.00000002.2180246315.00007FF8A8260000.00000002.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A82B6000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A832D000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182691075.00007FF8A832E000.00000080.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182728543.00007FF8A8330000.00000004.00000001.01000000.00000014.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a8260000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: 00007$C6138$A2419
String ID:
API String ID: 2638009314-0
Opcode ID: 4ad74d6352975525fef7d118f1126785598b34d2acfb356d2fdbc403612dc115
Instruction ID: 4925fadc5e4f20c03fe978a2ecc2c17a0e18425246bb12840672b56e32ded2f5
Opcode Fuzzy Hash: 4ad74d6352975525fef7d118f1126785598b34d2acfb356d2fdbc403612dc115
Instruction Fuzzy Hash: CF22DF32A16F8596EA168B24D4503BAF369FF55BC4F158332DA8F27658DF3DE082C214

Function 00007FF8A82A7010 Relevance: 18.4, APIs: 12, Instructions: 450COMMON

Download Yara Rule

APIs

00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,00007FF8A82ABE1A), ref: 00007FF8A82A7144
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,00007FF8A82ABE1A), ref: 00007FF8A82A71B0
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,00007FF8A82ABE1A), ref: 00007FF8A82A7209
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,00007FF8A82ABE1A), ref: 00007FF8A82A7274
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,00007FF8A82ABE1A), ref: 00007FF8A82A72DC
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,00007FF8A82ABE1A), ref: 00007FF8A82A7332
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,00007FF8A82ABE1A), ref: 00007FF8A82A73A4
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,00007FF8A82ABE1A), ref: 00007FF8A82A740E
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,00007FF8A82ABE1A), ref: 00007FF8A82A7465
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,00007FF8A82ABE1A), ref: 00007FF8A82A74E4
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,00007FF8A82ABE1A), ref: 00007FF8A82A754C
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,00007FF8A82ABE1A), ref: 00007FF8A82A75A2

Memory Dump Source

Source File: 00000002.00000002.2180285327.00007FF8A8261000.00000040.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8260000, based on PE: true

Associated: 00000002.00000002.2180246315.00007FF8A8260000.00000002.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A82B6000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A832D000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182691075.00007FF8A832E000.00000080.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182728543.00007FF8A8330000.00000004.00000001.01000000.00000014.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a8260000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: 00007C6138
String ID:
API String ID: 2722774091-0
Opcode ID: 9849245b78ca4eb92c5d8d99ab215348344db1bea5ddf0a16522947d471a4013
Instruction ID: 3704e1ce48dcb127562c688967ca5ca4769059bfa45b5f8819c700ec5b490d73
Opcode Fuzzy Hash: 9849245b78ca4eb92c5d8d99ab215348344db1bea5ddf0a16522947d471a4013
Instruction Fuzzy Hash: AC02D132F5AE019EE607877481413BAE366EF257D4F46C332E94F37658EB386492C218

Function 00007FF8A8143068 Relevance: 13.6, APIs: 9, Instructions: 72COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF8A8143084
00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A81430A8
RtlCaptureContext.KERNEL32 ref: 00007FF8A81430B1
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF8A81430CB
RtlVirtualUnwind.KERNEL32 ref: 00007FF8A814310C
00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A814313F
IsDebuggerPresent.KERNEL32 ref: 00007FF8A8143160
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF8A8143181
UnhandledExceptionFilter.KERNEL32 ref: 00007FF8A814318C

Memory Dump Source

Source File: 00000002.00000002.2177832756.00007FF8A8141000.00000040.00000001.01000000.00000017.sdmp, Offset: 00007FF8A8140000, based on PE: true

Associated: 00000002.00000002.2177799498.00007FF8A8140000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2177832756.00007FF8A81A2000.00000040.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2177832756.00007FF8A81EE000.00000040.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2177832756.00007FF8A81F2000.00000040.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2177832756.00007FF8A81F7000.00000040.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2177832756.00007FF8A824F000.00000040.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2177832756.00007FF8A8254000.00000040.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2177832756.00007FF8A8257000.00000040.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2180094427.00007FF8A8258000.00000080.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2180136487.00007FF8A825A000.00000004.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a8140000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: 00007A2419ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3856421733-0
Opcode ID: 14da1239b2aff37f2225a2b2eb9612ff8327347efab586c9ed8106aec9f5eecf
Instruction ID: c5f89335ab15de04bbef502fad40ec2add565887463b7a0ee2362c5308048a00
Opcode Fuzzy Hash: 14da1239b2aff37f2225a2b2eb9612ff8327347efab586c9ed8106aec9f5eecf
Instruction Fuzzy Hash: B431A2B661AB81D6EB619F60E8507ED3360FB84788F44443ADA4E47B99DF3CC548C724

Function 00007FF6E21583C0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 89fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,00007FF6E2158919,00007FF6E2153F9D), ref: 00007FF6E215842B
RemoveDirectoryW.KERNEL32(?,00007FF6E2158919,00007FF6E2153F9D), ref: 00007FF6E21584AE
DeleteFileW.KERNEL32(?,00007FF6E2158919,00007FF6E2153F9D), ref: 00007FF6E21584CD
FindNextFileW.KERNEL32(?,00007FF6E2158919,00007FF6E2153F9D), ref: 00007FF6E21584DB
FindClose.KERNEL32(?,00007FF6E2158919,00007FF6E2153F9D), ref: 00007FF6E21584EC
RemoveDirectoryW.KERNEL32(?,00007FF6E2158919,00007FF6E2153F9D), ref: 00007FF6E21584F5

Strings

%s\*, xrefs: 00007FF6E21583F2

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
String ID: %s\*
API String ID: 1057558799-766152087
Opcode ID: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
Instruction ID: 9cecd306de45bf0d5a2691eabb3e9b2d1649b7ecf0d442e53a0356671f710a82
Opcode Fuzzy Hash: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
Instruction Fuzzy Hash: E5418F23E4C54681EA209F20F4483FA63A2FB95758F410272DB9EC26C4DFAED785C706

Function 00007FF8A82A76B0 Relevance: 10.8, APIs: 7, Instructions: 267COMMON

Download Yara Rule

APIs

00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A82A771B
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82A782D
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82A7890
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82A78E4
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82A7963
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82A79C4
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82A7A17

Memory Dump Source

Source File: 00000002.00000002.2180285327.00007FF8A8261000.00000040.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8260000, based on PE: true

Associated: 00000002.00000002.2180246315.00007FF8A8260000.00000002.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A82B6000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A832D000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182691075.00007FF8A832E000.00000080.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182728543.00007FF8A8330000.00000004.00000001.01000000.00000014.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a8260000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: 00007$C6138$A2419
String ID:
API String ID: 2638009314-0
Opcode ID: 2280084202c957317e2ddb1ec18dc6dfdd8b4049e1094c236acac9da9a2d9437
Instruction ID: 734187f3474326e0e5a7d1e26e61d478e2c08a7f1b9bf1f768664a86f8b0fe89
Opcode Fuzzy Hash: 2280084202c957317e2ddb1ec18dc6dfdd8b4049e1094c236acac9da9a2d9437
Instruction Fuzzy Hash: 02B11621E1AE555DE607873481003BAE21AFF557D5F16C332E98F37788EB7CA582C218

Function 00007FF8A8296F90 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

APIs

00007FF8C61203E0.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8A8297039
00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A82970A0

Strings

, xrefs: 00007FF8A82971F8

Memory Dump Source

Source File: 00000002.00000002.2180285327.00007FF8A8261000.00000040.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8260000, based on PE: true

Associated: 00000002.00000002.2180246315.00007FF8A8260000.00000002.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A82B6000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A832D000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182691075.00007FF8A832E000.00000080.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182728543.00007FF8A8330000.00000004.00000001.01000000.00000014.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a8260000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: 00007$A2419C61203
String ID:
API String ID: 3549137889-2920267241
Opcode ID: 18535fbcc1c3291b499e8e54c5bbcc61516be26d48224b1c5d4ab9802cf573ba
Instruction ID: f88d9ad0dae37501b07e52020b3c4baf64e49924310dec37adfeee410230582a
Opcode Fuzzy Hash: 18535fbcc1c3291b499e8e54c5bbcc61516be26d48224b1c5d4ab9802cf573ba
Instruction Fuzzy Hash: C5C10372619BC496D660CB16F8807AAB7A8FB89BC4F544126EB8C43B59DF38C155CB04

Function 00007FF8A92D2135 Relevance: 10.6, APIs: 7, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF8A934ECC0
RtlCaptureContext.KERNEL32 ref: 00007FF8A934ECED
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF8A934ED07
RtlVirtualUnwind.KERNEL32 ref: 00007FF8A934ED48
IsDebuggerPresent.KERNEL32 ref: 00007FF8A934ED9C
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF8A934EDBD
UnhandledExceptionFilter.KERNEL32 ref: 00007FF8A934EDC8

Memory Dump Source

Source File: 00000002.00000002.2186211945.00007FF8A92D1000.00000040.00000001.01000000.00000012.sdmp, Offset: 00007FF8A92D0000, based on PE: true

Associated: 00000002.00000002.2186182358.00007FF8A92D0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9353000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9355000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A937D000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9388000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9393000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186542599.00007FF8A9397000.00000080.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186571704.00007FF8A9398000.00000004.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a92d0000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: a32b81c2ff6dfccb19a9728fe67c5763d4d0aea259f9004b58da64eb6530d66a
Instruction ID: 0bd23a50453fb659f648ead88f654aeae05f26b8bd79584f015443373e0a7887
Opcode Fuzzy Hash: a32b81c2ff6dfccb19a9728fe67c5763d4d0aea259f9004b58da64eb6530d66a
Instruction Fuzzy Hash: 9B315C7661AEC1A9EB608F60E8403ED6370FB84785F445039DA4D87B98DF7CD648C714

Function 00007FF6E215D12C Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF6E215D148
RtlCaptureContext.KERNEL32 ref: 00007FF6E215D175
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6E215D18F
RtlVirtualUnwind.KERNEL32 ref: 00007FF6E215D1D0
IsDebuggerPresent.KERNEL32 ref: 00007FF6E215D224
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6E215D241
UnhandledExceptionFilter.KERNEL32 ref: 00007FF6E215D24C

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
Instruction ID: 7edca1d3394ab746c28357a8ee3b33e26f8d548fc3ccf9a36028711439e90a6f
Opcode Fuzzy Hash: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
Instruction Fuzzy Hash: E7315C73A09B8186EB608F60E8843EE3361FB95708F04403ADB4E87B94DF79D648C705

Function 00007FF6E2175C00 Relevance: 9.3, APIs: 6, Instructions: 334timeCOMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF6E2175C45

Part of subcall function 00007FF6E2175598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E21755AC

Part of subcall function 00007FF6E216A948: RtlFreeHeap.NTDLL(?,?,?,00007FF6E2172D22,?,?,?,00007FF6E2172D5F,?,?,00000000,00007FF6E2173225,?,?,?,00007FF6E2173157), ref: 00007FF6E216A95E
Part of subcall function 00007FF6E216A948: GetLastError.KERNEL32(?,?,?,00007FF6E2172D22,?,?,?,00007FF6E2172D5F,?,?,00000000,00007FF6E2173225,?,?,?,00007FF6E2173157), ref: 00007FF6E216A968

Part of subcall function 00007FF6E216A900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6E216A8DF,?,?,?,?,?,00007FF6E216A7CA), ref: 00007FF6E216A909
Part of subcall function 00007FF6E216A900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6E216A8DF,?,?,?,?,?,00007FF6E216A7CA), ref: 00007FF6E216A92E

_get_daylight.LIBCMT ref: 00007FF6E2175C34

Part of subcall function 00007FF6E21755F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E217560C

_get_daylight.LIBCMT ref: 00007FF6E2175EAA
_get_daylight.LIBCMT ref: 00007FF6E2175EBB
_get_daylight.LIBCMT ref: 00007FF6E2175ECC
GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6E217610C), ref: 00007FF6E2175EF3

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
String ID:
API String ID: 4070488512-0
Opcode ID: 677ea417f3249c8bdb60afb6413c0575e0f743ff33606516b420b369f71394b1
Instruction ID: c21f94be5ef94d7bb4a99adc6697a178678c1d8f23b357d24c335c03a63720ff
Opcode Fuzzy Hash: 677ea417f3249c8bdb60afb6413c0575e0f743ff33606516b420b369f71394b1
Instruction Fuzzy Hash: DAD1BC23E1824296E7249F25D8803F96762EBC6788F448035EF0DC76D5DFBEE641874A

Function 00007FF8A828F620 Relevance: 9.2, APIs: 6, Instructions: 245COMMON

Download Yara Rule

APIs

00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A828F675
00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A828F6C6
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A828F71A
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A828F7C1
00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A828F80D
00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A828F833

Memory Dump Source

Source File: 00000002.00000002.2180285327.00007FF8A8261000.00000040.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8260000, based on PE: true

Associated: 00000002.00000002.2180246315.00007FF8A8260000.00000002.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A82B6000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A832D000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182691075.00007FF8A832E000.00000080.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182728543.00007FF8A8330000.00000004.00000001.01000000.00000014.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a8260000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: 00007$A2419$C6138
String ID:
API String ID: 3559315223-0
Opcode ID: 4d5f8cb658c489e435210d4949c78672a3c0ff4360f256d3127a63e6ec7d7eb5
Instruction ID: 9792dee4f3cd5ecdb8d32ccfac13feb05c835e586a537583c648937177ee32df
Opcode Fuzzy Hash: 4d5f8cb658c489e435210d4949c78672a3c0ff4360f256d3127a63e6ec7d7eb5
Instruction Fuzzy Hash: 7BA1F722A19FC5A9EA128B35A4007BAB755FF967C4F048332DE4E27659DF3CE086C714

Function 00007FF8A8290F00 Relevance: 9.2, APIs: 6, Instructions: 239COMMON

Download Yara Rule

APIs

00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A8290F55
00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A8290FA6
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A8290FFA
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82910A1
00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A82910ED
00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A8291113

Memory Dump Source

Source File: 00000002.00000002.2180285327.00007FF8A8261000.00000040.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8260000, based on PE: true

Associated: 00000002.00000002.2180246315.00007FF8A8260000.00000002.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A82B6000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A832D000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182691075.00007FF8A832E000.00000080.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182728543.00007FF8A8330000.00000004.00000001.01000000.00000014.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a8260000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: 00007$A2419$C6138
String ID:
API String ID: 3559315223-0
Opcode ID: bead9de0f35735378f23ea55d365871010558179f8230bb8be135924470135c2
Instruction ID: ce78683a43679cfcf34a19926a24d2a1df44ce04f4428851d18b86a3fb8c1bbe
Opcode Fuzzy Hash: bead9de0f35735378f23ea55d365871010558179f8230bb8be135924470135c2
Instruction Fuzzy Hash: 77A11422A19FC599E6128B75A4007BAB765FF967C4F448232DE8E27658DF3CE082C714

Function 00007FF8A8292750 Relevance: 9.2, APIs: 6, Instructions: 239COMMON

Download Yara Rule

APIs

00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A82927A5
00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A82927F6
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A829284A
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82928F1
00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A829293D
00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A8292963

Memory Dump Source

Source File: 00000002.00000002.2180285327.00007FF8A8261000.00000040.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8260000, based on PE: true

Associated: 00000002.00000002.2180246315.00007FF8A8260000.00000002.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A82B6000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A832D000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182691075.00007FF8A832E000.00000080.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182728543.00007FF8A8330000.00000004.00000001.01000000.00000014.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a8260000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: 00007$A2419$C6138
String ID:
API String ID: 3559315223-0
Opcode ID: ae739e9c8768b61d34a53e8380dbf225ba3c88fc2270ed3bf18cf53171ac132b
Instruction ID: 35a2587b568c5b0d307a3e334c6b8bf2a4c7d844a6a29f630e5242fe0eda6a21
Opcode Fuzzy Hash: ae739e9c8768b61d34a53e8380dbf225ba3c88fc2270ed3bf18cf53171ac132b
Instruction Fuzzy Hash: 18A12522A1AFC599E6128B35A4003BAB755FF967C0F048332DE5E27659DF3CE082C714

Function 00007FF6E216A614 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF6E216A68D
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6E216A6A5
RtlVirtualUnwind.KERNEL32 ref: 00007FF6E216A6E0
IsDebuggerPresent.KERNEL32 ref: 00007FF6E216A719
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6E216A723
UnhandledExceptionFilter.KERNEL32 ref: 00007FF6E216A72E

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
Instruction ID: 2dbbba5189a78a9a9ec759c725910a8f6a79c7b8fb61533b103f6baa5aee0b4a
Opcode Fuzzy Hash: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
Instruction Fuzzy Hash: 78316B33A18B8186DB208B25E8843EE73A5FB99758F540135EB8EC3B94DF7DD2458B05

Function 00007FF8A92D1CC1 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 292COMMON

Download Yara Rule

Strings

..\s\ssl\statem\statem_srvr.c, xrefs: 00007FF8A93469F9, 00007FF8A9346AA6, 00007FF8A9346BBE, 00007FF8A9346BDE, 00007FF8A9346C30, 00007FF8A9346CA9, 00007FF8A9346D80
resumption, xrefs: 00007FF8A9346ADE
tls_construct_new_session_ticket, xrefs: 00007FF8A93469ED, 00007FF8A9346A9A, 00007FF8A9346C24, 00007FF8A9346C9D
construct_stateful_ticket, xrefs: 00007FF8A9346D74

Memory Dump Source

Source File: 00000002.00000002.2186211945.00007FF8A92D1000.00000040.00000001.01000000.00000012.sdmp, Offset: 00007FF8A92D0000, based on PE: true

Associated: 00000002.00000002.2186182358.00007FF8A92D0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9353000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9355000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A937D000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9388000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9393000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186542599.00007FF8A9397000.00000080.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186571704.00007FF8A9398000.00000004.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a92d0000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID:
String ID: ..\s\ssl\statem\statem_srvr.c$construct_stateful_ticket$resumption$tls_construct_new_session_ticket
API String ID: 0-1194634662
Opcode ID: 96c2b8e8d74ccfb18905530cb5a97d3460de52489f7ac5e01577cab4798c2ebd
Instruction ID: 9e3b6017e4befeede0524a36f8868dc621f02f565ed366503de6d16410cbe901
Opcode Fuzzy Hash: 96c2b8e8d74ccfb18905530cb5a97d3460de52489f7ac5e01577cab4798c2ebd
Instruction Fuzzy Hash: 78D17E22A0EAC2A5FB509F26D8406E977A0EBC5BC9F495036EE4C8775ADF7CE541C700

Function 00007FF8A828E0E0 Relevance: 7.9, APIs: 5, Instructions: 359COMMON

Download Yara Rule

APIs

00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,?), ref: 00007FF8A828E391
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,?), ref: 00007FF8A828E415
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,?), ref: 00007FF8A828E5A1
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,?), ref: 00007FF8A828E600
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,?), ref: 00007FF8A828E650

Memory Dump Source

Source File: 00000002.00000002.2180285327.00007FF8A8261000.00000040.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8260000, based on PE: true

Associated: 00000002.00000002.2180246315.00007FF8A8260000.00000002.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A82B6000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A832D000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182691075.00007FF8A832E000.00000080.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182728543.00007FF8A8330000.00000004.00000001.01000000.00000014.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a8260000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: 00007C6138
String ID:
API String ID: 2722774091-0
Opcode ID: a405a8573ef0059d34fbf0adc7b897dd3450eafbcd56fe8aba266c0f98d92266
Instruction ID: 9ee85514e41694e553ae0f3e4a66fe60a3c272adfd43d2676eed7b13b4ab4050
Opcode Fuzzy Hash: a405a8573ef0059d34fbf0adc7b897dd3450eafbcd56fe8aba266c0f98d92266
Instruction Fuzzy Hash: 27E1FA35F19E855AFA17973890003B9A356FFA67D4F158332D94F33758EB3CA4828614

Function 00007FF6E2171874 Relevance: 7.8, APIs: 5, Instructions: 282COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E21718C0
FindFirstFileExW.KERNEL32 ref: 00007FF6E21719CA

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: FileFindFirst_invalid_parameter_noinfo
String ID:
API String ID: 2227656907-0
Opcode ID: 471de8175ffa50438b20796c5ba06e190623de8bcba55c14971da5e7bf2bc1ae
Instruction ID: 6c393394069bc4215b11d833ee78c6cce62ca57a7224454f15f98c1ffa4e4691
Opcode Fuzzy Hash: 471de8175ffa50438b20796c5ba06e190623de8bcba55c14971da5e7bf2bc1ae
Instruction Fuzzy Hash: 28B1C323F1868241EA609B25D4003F963A2EB86BE8F485131DF4DC7BC5EEBDE641C305

Function 00007FF8A92D1EE7 Relevance: 7.5, APIs: 1, Strings: 3, Instructions: 461COMMON

Download Yara Rule

APIs

00007FF8C61208A0.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF8A932C95A

Strings

D:\a\1\s\include\internal/packet.h, xrefs: 00007FF8A932C755, 00007FF8A932C769
..\s\ssl\statem\extensions_srvr.c, xrefs: 00007FF8A932C7A3, 00007FF8A932CAE8, 00007FF8A932CB36, 00007FF8A932CC57, 00007FF8A932CD31, 00007FF8A932CD90
tls_parse_ctos_psk, xrefs: 00007FF8A932CADC, 00007FF8A932CB2F, 00007FF8A932CC50, 00007FF8A932CD2A, 00007FF8A932CD89

Memory Dump Source

Source File: 00000002.00000002.2186211945.00007FF8A92D1000.00000040.00000001.01000000.00000012.sdmp, Offset: 00007FF8A92D0000, based on PE: true

Associated: 00000002.00000002.2186182358.00007FF8A92D0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9353000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9355000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A937D000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9388000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9393000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186542599.00007FF8A9397000.00000080.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186571704.00007FF8A9398000.00000004.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a92d0000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: 00007C61208
String ID: ..\s\ssl\statem\extensions_srvr.c$D:\a\1\s\include\internal/packet.h$tls_parse_ctos_psk
API String ID: 3535234312-3130753023
Opcode ID: 7627f31dee975c6d768a394e5d6b8bcbc2deb779cee5e3752deeb65e0231a3f5
Instruction ID: 7401c00cf95b337987a87be284aa7da7cd48beb98fbf319b99afac4f36e274ba
Opcode Fuzzy Hash: 7627f31dee975c6d768a394e5d6b8bcbc2deb779cee5e3752deeb65e0231a3f5
Instruction Fuzzy Hash: A512A162A0EEC261F7509F6594446BEB7B1EF91BC4F046032EE4D87A9ADF7CE5418700

Function 00007FF8A82A7AF0 Relevance: 6.2, APIs: 4, Instructions: 169COMMON

Download Yara Rule

APIs

00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A82A7BD1
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82A7C8A
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82A7CE7
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82A7D36

Memory Dump Source

Source File: 00000002.00000002.2180285327.00007FF8A8261000.00000040.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8260000, based on PE: true

Associated: 00000002.00000002.2180246315.00007FF8A8260000.00000002.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A82B6000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A832D000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182691075.00007FF8A832E000.00000080.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182728543.00007FF8A8330000.00000004.00000001.01000000.00000014.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a8260000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: 00007$C6138$A2419
String ID:
API String ID: 2638009314-0
Opcode ID: 356486f7cd09bba83d452288d2f2bf37ab3cbbea5aa855d9c4ad7cdf557bac0d
Instruction ID: 1526b07bc9ae380ca30f61cb21f01535dfc50263ff8e568e2f8591ec67a3c35a
Opcode Fuzzy Hash: 356486f7cd09bba83d452288d2f2bf37ab3cbbea5aa855d9c4ad7cdf557bac0d
Instruction Fuzzy Hash: BF613962F0AE855DE927873491013BAE256EFA57D4F05C332DA8F36A48EF2DA042C51C

Function 00007FF8A82A0650 Relevance: 6.2, APIs: 4, Instructions: 160COMMON

Download Yara Rule

APIs

00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A82A0712
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82A078D
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82A07EA
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A82A0841

Memory Dump Source

Source File: 00000002.00000002.2180285327.00007FF8A8261000.00000040.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8260000, based on PE: true

Associated: 00000002.00000002.2180246315.00007FF8A8260000.00000002.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A82B6000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A832D000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182691075.00007FF8A832E000.00000080.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182728543.00007FF8A8330000.00000004.00000001.01000000.00000014.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a8260000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: 00007$C6138$A2419
String ID:
API String ID: 2638009314-0
Opcode ID: 5b56463fd863cf154fbcd706ef899aa10349edf28a230e844891e3160064b196
Instruction ID: 399ef060f5005f9e02a89be54d43e02eeeaf998a58fb83e604669d812cf7da68
Opcode Fuzzy Hash: 5b56463fd863cf154fbcd706ef899aa10349edf28a230e844891e3160064b196
Instruction Fuzzy Hash: 3B512721F1AE459DE507863881113BAE25AEF657D4E15C332E94F33A59DF3DB083C918

Function 00007FF6E2175E7C Relevance: 6.1, APIs: 4, Instructions: 143timeCOMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF6E2175EAA

Part of subcall function 00007FF6E21755F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E217560C

_get_daylight.LIBCMT ref: 00007FF6E2175EBB

Part of subcall function 00007FF6E2175598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E21755AC

_get_daylight.LIBCMT ref: 00007FF6E2175ECC

Part of subcall function 00007FF6E21755C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E21755DC

Part of subcall function 00007FF6E216A948: RtlFreeHeap.NTDLL(?,?,?,00007FF6E2172D22,?,?,?,00007FF6E2172D5F,?,?,00000000,00007FF6E2173225,?,?,?,00007FF6E2173157), ref: 00007FF6E216A95E
Part of subcall function 00007FF6E216A948: GetLastError.KERNEL32(?,?,?,00007FF6E2172D22,?,?,?,00007FF6E2172D5F,?,?,00000000,00007FF6E2173225,?,?,?,00007FF6E2173157), ref: 00007FF6E216A968

GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6E217610C), ref: 00007FF6E2175EF3

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID:
API String ID: 3458911817-0
Opcode ID: 179af59534a267e8b56f66eebf2dbf2058aebcf107c16e98e161f461d30bd41f
Instruction ID: 99d2a59c9df3fa0981c408bdb53a70e523697dc7540e0f17aadc0cc14e9d67e3
Opcode Fuzzy Hash: 179af59534a267e8b56f66eebf2dbf2058aebcf107c16e98e161f461d30bd41f
Instruction Fuzzy Hash: C8519B33E0864286E720DF25D8813E96762FB89788F404135EB0DC36D5DFBEE600874A

Function 00007FF8A92D24EB Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 332COMMON

Download Yara Rule

APIs

00007FF8C61208A0.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF8A932333A

Strings

tls_construct_ctos_psk, xrefs: 00007FF8A93232DB, 00007FF8A93233DB, 00007FF8A9323423, 00007FF8A93234F5, 00007FF8A93236DF, 00007FF8A932371C, 00007FF8A9323752
..\s\ssl\statem\extensions_clnt.c, xrefs: 00007FF8A93232E7, 00007FF8A93233E7, 00007FF8A932342F, 00007FF8A9323501, 00007FF8A93236EB, 00007FF8A9323728, 00007FF8A932375E

Memory Dump Source

Source File: 00000002.00000002.2186211945.00007FF8A92D1000.00000040.00000001.01000000.00000012.sdmp, Offset: 00007FF8A92D0000, based on PE: true

Associated: 00000002.00000002.2186182358.00007FF8A92D0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9353000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9355000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A937D000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9388000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9393000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186542599.00007FF8A9397000.00000080.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186571704.00007FF8A9398000.00000004.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a92d0000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: 00007C61208
String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_psk
API String ID: 3535234312-446233508
Opcode ID: b36fb01384b575ec35d89c0d8260da8a6938daa3986464ee3d691d16473f4eab
Instruction ID: 3881f91dc36888f0b5ac0332b3bdbf3d23cce3b9fe631f1a687120347af98623
Opcode Fuzzy Hash: b36fb01384b575ec35d89c0d8260da8a6938daa3986464ee3d691d16473f4eab
Instruction Fuzzy Hash: D5E1A061A0EAC2A2FB549F15A8406BA77A4EF94FC4F441036EE4DC7A8ADF7CE501C700

Function 00007FF6E2155830 Relevance: 229.6, APIs: 86, Strings: 45, Instructions: 400libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E2155840
GetLastError.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E2155852
GetProcAddress.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E2155889
GetLastError.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E215589B
GetProcAddress.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E21558B4
GetLastError.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E21558C6
GetProcAddress.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E21558DF
GetLastError.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E21558F1
GetProcAddress.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E215590D
GetLastError.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E215591F
GetProcAddress.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E215593B
GetLastError.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E215594D
GetProcAddress.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E2155969
GetLastError.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E215597B
GetProcAddress.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E2155997
GetLastError.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E21559A9
GetProcAddress.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E21559C5
GetLastError.KERNEL32(?,00007FF6E21564CF,?,00007FF6E215336E), ref: 00007FF6E21559D7

Strings

PyModule_GetDict, xrefs: 00007FF6E2155CC9, 00007FF6E2155CEB
PyImport_ImportModule, xrefs: 00007FF6E2155C3F, 00007FF6E2155C61
PyUnicode_Replace, xrefs: 00007FF6E2155FD7, 00007FF6E2155FF9
PyErr_Occurred, xrefs: 00007FF6E2155B2B, 00007FF6E2155B4D
Py_DecodeLocale, xrefs: 00007FF6E215587F, 00007FF6E21558A1
PyErr_Restore, xrefs: 00007FF6E2155B87, 00007FF6E2155BA9
PyUnicode_DecodeFSDefault, xrefs: 00007FF6E2155F1F, 00007FF6E2155F41
PyErr_Print, xrefs: 00007FF6E2155B59, 00007FF6E2155B7B
PyUnicode_FromFormat, xrefs: 00007FF6E2155F4D, 00007FF6E2155F6F
Py_ExitStatusException, xrefs: 00007FF6E21558AA, 00007FF6E21558CC
Py_IsInitialized, xrefs: 00007FF6E2155931, 00007FF6E2155953
PySys_SetObject, xrefs: 00007FF6E2155E95, 00007FF6E2155EB7
PyConfig_InitIsolatedConfig, xrefs: 00007FF6E21559BB, 00007FF6E21559DD
PyObject_CallFunctionObjArgs, xrefs: 00007FF6E2155D25, 00007FF6E2155D47
PyMem_RawFree, xrefs: 00007FF6E2155C9B, 00007FF6E2155CBD
PyUnicode_Join, xrefs: 00007FF6E2155FA9, 00007FF6E2155FCB
PyConfig_SetBytesString, xrefs: 00007FF6E2155A17, 00007FF6E2155A39
Failed to get address for %hs, xrefs: 00007FF6E2155861
PyConfig_SetString, xrefs: 00007FF6E2155A45, 00007FF6E2155A67
PyConfig_Read, xrefs: 00007FF6E21559E9, 00007FF6E2155A0B
PyImport_ExecCodeModule, xrefs: 00007FF6E2155C11, 00007FF6E2155C33
PyConfig_Clear, xrefs: 00007FF6E215598D, 00007FF6E21559AF
PyStatus_Exception, xrefs: 00007FF6E2155E39, 00007FF6E2155E5B
PyObject_Str, xrefs: 00007FF6E2155DAF, 00007FF6E2155DD1
PyMarshal_ReadObjectFromString, xrefs: 00007FF6E2155C6D, 00007FF6E2155C8F
PyUnicode_AsUTF8, xrefs: 00007FF6E2155EC3, 00007FF6E2155EE5
PyObject_SetAttrString, xrefs: 00007FF6E2155D81, 00007FF6E2155DA3
PyImport_AddModule, xrefs: 00007FF6E2155BE3, 00007FF6E2155C05
PyErr_NormalizeException, xrefs: 00007FF6E2155AFD, 00007FF6E2155B1F
PyObject_CallFunction, xrefs: 00007FF6E2155CF7, 00007FF6E2155D19
PyPreConfig_InitIsolatedConfig, xrefs: 00007FF6E2155DDD, 00007FF6E2155DFF
PyEval_EvalCode, xrefs: 00007FF6E2155BB5, 00007FF6E2155BD7
Py_DecRef, xrefs: 00007FF6E2155836, 00007FF6E2155858
PyObject_GetAttrString, xrefs: 00007FF6E2155D53, 00007FF6E2155D75
PyUnicode_FromString, xrefs: 00007FF6E2155F7B, 00007FF6E2155F9D
Py_Finalize, xrefs: 00007FF6E21558D5, 00007FF6E21558F7
PyErr_Clear, xrefs: 00007FF6E2155AA1, 00007FF6E2155AC3
PyRun_SimpleStringFlags, xrefs: 00007FF6E2155E0B, 00007FF6E2155E2D
PySys_GetObject, xrefs: 00007FF6E2155E67, 00007FF6E2155E89
Py_InitializeFromConfig, xrefs: 00007FF6E2155903, 00007FF6E2155925
PyErr_Fetch, xrefs: 00007FF6E2155ACF, 00007FF6E2155AF1
PyUnicode_Decode, xrefs: 00007FF6E2155EF1, 00007FF6E2155F13
GetProcAddress, xrefs: 00007FF6E2155868
Py_PreInitialize, xrefs: 00007FF6E215595F, 00007FF6E2155981
PyConfig_SetWideStringList, xrefs: 00007FF6E2155A73, 00007FF6E2155A95

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: AddressErrorLastProc
String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
API String ID: 199729137-653951865
Opcode ID: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
Instruction ID: 61912f7acd12f7028def84b506919813b99d23d3d85f1c986a977b6d58bc4d6c
Opcode Fuzzy Hash: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
Instruction Fuzzy Hash: 9922B366D49B07A1FA558B55E8147F422A3BF8674DF541035C61FC22A0FFFEA788830A

Function 00007FF6E21576C0 Relevance: 177.1, APIs: 66, Strings: 35, Instructions: 314libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FF6E21576D7
GetLastError.KERNEL32 ref: 00007FF6E21576E9
GetProcAddress.KERNEL32 ref: 00007FF6E2157725
GetLastError.KERNEL32 ref: 00007FF6E2157737
GetProcAddress.KERNEL32 ref: 00007FF6E2157750
GetLastError.KERNEL32 ref: 00007FF6E2157762
GetProcAddress.KERNEL32 ref: 00007FF6E215777B
GetLastError.KERNEL32 ref: 00007FF6E215778D
GetProcAddress.KERNEL32 ref: 00007FF6E21577A9
GetLastError.KERNEL32 ref: 00007FF6E21577BB
GetProcAddress.KERNEL32 ref: 00007FF6E21577D7
GetLastError.KERNEL32 ref: 00007FF6E21577E9
GetProcAddress.KERNEL32 ref: 00007FF6E2157805
GetLastError.KERNEL32 ref: 00007FF6E2157817
GetProcAddress.KERNEL32 ref: 00007FF6E2157833
GetLastError.KERNEL32 ref: 00007FF6E2157845
GetProcAddress.KERNEL32 ref: 00007FF6E2157861
GetLastError.KERNEL32 ref: 00007FF6E2157873

Strings

Tcl_ConditionNotify, xrefs: 00007FF6E215796B, 00007FF6E215798D
Tcl_Free, xrefs: 00007FF6E2157C4B, 00007FF6E2157C6D
Tcl_CreateObjCommand, xrefs: 00007FF6E2157A7F, 00007FF6E2157AA1
Tcl_CreateInterp, xrefs: 00007FF6E215771B, 00007FF6E215773D
Tcl_GetVar2, xrefs: 00007FF6E2157A23, 00007FF6E2157A45
Tcl_FindExecutable, xrefs: 00007FF6E2157746, 00007FF6E2157768
Tcl_SetVar2Ex, xrefs: 00007FF6E2157B37, 00007FF6E2157B59
Tcl_EvalEx, xrefs: 00007FF6E2157BC1, 00007FF6E2157BE3
Tcl_SetVar2, xrefs: 00007FF6E2157A51, 00007FF6E2157A73
Failed to get address for %hs, xrefs: 00007FF6E21576F8
Tcl_ThreadQueueEvent, xrefs: 00007FF6E21579C7, 00007FF6E21579E9
Tcl_Init, xrefs: 00007FF6E21576D0, 00007FF6E21576EF
Tcl_MutexLock, xrefs: 00007FF6E21578B3, 00007FF6E21578D5
Tcl_ThreadAlert, xrefs: 00007FF6E21579F5, 00007FF6E2157A17
Tcl_NewByteArrayObj, xrefs: 00007FF6E2157B09, 00007FF6E2157B2B
Tcl_Finalize, xrefs: 00007FF6E215779F, 00007FF6E21577C1
Tcl_FinalizeThread, xrefs: 00007FF6E21577CD, 00007FF6E21577EF
Tk_GetNumMainWindows, xrefs: 00007FF6E2157CA7, 00007FF6E2157CC9
Tcl_CreateThread, xrefs: 00007FF6E2157829, 00007FF6E215784B
Tcl_JoinThread, xrefs: 00007FF6E2157885, 00007FF6E21578A7
Tcl_Alloc, xrefs: 00007FF6E2157C1D, 00007FF6E2157C3F
Tcl_ConditionWait, xrefs: 00007FF6E2157999, 00007FF6E21579BB
Tcl_EvalFile, xrefs: 00007FF6E2157B93, 00007FF6E2157BB5
Tcl_DeleteInterp, xrefs: 00007FF6E21577FB, 00007FF6E215781D
Tcl_GetCurrentThread, xrefs: 00007FF6E2157857, 00007FF6E2157879
Tcl_NewStringObj, xrefs: 00007FF6E2157ADB, 00007FF6E2157AFD
Tcl_EvalObjv, xrefs: 00007FF6E2157BEF, 00007FF6E2157C11
Tk_Init, xrefs: 00007FF6E2157C79, 00007FF6E2157C9B
Tcl_DoOneEvent, xrefs: 00007FF6E2157771, 00007FF6E2157793
Tcl_MutexFinalize, xrefs: 00007FF6E215790F, 00007FF6E2157931
Tcl_MutexUnlock, xrefs: 00007FF6E21578E1, 00007FF6E2157903
Tcl_ConditionFinalize, xrefs: 00007FF6E215793D, 00007FF6E215795F
GetProcAddress, xrefs: 00007FF6E21576FF
Tcl_GetString, xrefs: 00007FF6E2157AAD, 00007FF6E2157ACF
Tcl_GetObjResult, xrefs: 00007FF6E2157B65, 00007FF6E2157B87

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: AddressErrorLastProc
String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
API String ID: 199729137-3427451314
Opcode ID: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
Instruction ID: d4fcec3a5ca4f9591e8bb36d8304c89a6795169d3bb1fb21de402dbcca68c2b9
Opcode Fuzzy Hash: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
Instruction Fuzzy Hash: D702BD22D4DB0B81FA159B55E8157F422B3BF8675CF440071D62EC22A4EFBEB349824A

Function 00007FF6E21581D0 Relevance: 24.6, APIs: 6, Strings: 8, Instructions: 117COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6E2159390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6E21545F4,00000000,00007FF6E2151985), ref: 00007FF6E21593C9

ExpandEnvironmentStringsW.KERNEL32(?,00007FF6E21586B7,?,?,00000000,00007FF6E2153CBB), ref: 00007FF6E215822C

Part of subcall function 00007FF6E2152810: MessageBoxW.USER32 ref: 00007FF6E21528EA

Strings

\, xrefs: 00007FF6E2158261
LOADER: failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF6E21582D9
CreateDirectory, xrefs: 00007FF6E215837C
%.*s, xrefs: 00007FF6E215830C
LOADER: failed to create runtime-tmpdir path %ls!, xrefs: 00007FF6E2158373
LOADER: failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF6E2158240
LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!, xrefs: 00007FF6E215829D
LOADER: failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF6E2158203

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
API String ID: 1662231829-930877121
Opcode ID: d247d3a0ca85f1815ed913d402e51827366718a31552b00c9fe28dde0a2555e6
Instruction ID: 742266539339f380f7d01bb8cc031d0b1cb4cf8df55caaf7343e42ed436f9aba
Opcode Fuzzy Hash: d247d3a0ca85f1815ed913d402e51827366718a31552b00c9fe28dde0a2555e6
Instruction Fuzzy Hash: 0B51C613E6C64641FA509B24E8513FA2292AF9478CF444431DB0EC26D5EFBEE744C34A

Function 00007FF6E2151600 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 145COMMON

Download Yara Rule

Strings

Failed to extract %s: failed to open archive file!, xrefs: 00007FF6E21516A2
Failed to extract %s: failed to write data chunk!, xrefs: 00007FF6E21517CA
malloc, xrefs: 00007FF6E2151749
fopen, xrefs: 00007FF6E2151663
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF6E21517DF
fwrite, xrefs: 00007FF6E21517D1
Failed to create symbolic link %s!, xrefs: 00007FF6E2151622
fseek, xrefs: 00007FF6E21516E1
fread, xrefs: 00007FF6E21517E6
Failed to extract %s: failed to open target file!, xrefs: 00007FF6E215165C
Failed to extract %s: failed to allocate temporary buffer!, xrefs: 00007FF6E2151742
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF6E21516DA

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
API String ID: 2050909247-1550345328
Opcode ID: 7b3dbec223ebe4a5612306ee09dd1c56cff58f7effc42cf14bd45051afb99717
Instruction ID: 14f70254904721b0c814fe08b53c9a12940062c80676413d58f49948e9547f18
Opcode Fuzzy Hash: 7b3dbec223ebe4a5612306ee09dd1c56cff58f7effc42cf14bd45051afb99717
Instruction Fuzzy Hash: 5F51AC63E4864282EA11AB55D4402E92393BF8179CF484571EF1DC77D2DFBEE744830A

Function 00007FF8A92E5CA0 Relevance: 22.9, APIs: 4, Strings: 9, Instructions: 101COMMON

Download Yara Rule

APIs

00007FF8C6126570.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF8A92E5CD6
00007FF8C6126570.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF8A92E5D07

Strings

SUITEB128, xrefs: 00007FF8A92E5D2B
SUITEB128C2, xrefs: 00007FF8A92E5CFA
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384, xrefs: 00007FF8A92E5DEC
SUITEB192, xrefs: 00007FF8A92E5D59
check_suiteb_cipher_list, xrefs: 00007FF8A92E5DA5
ECDHE-ECDSA-AES256-GCM-SHA384, xrefs: 00007FF8A92E5DF3, 00007FF8A92E5E03
SUITEB128ONLY, xrefs: 00007FF8A92E5CCA
..\s\ssl\ssl_ciph.c, xrefs: 00007FF8A92E5DB1
ECDHE-ECDSA-AES128-GCM-SHA256, xrefs: 00007FF8A92E5E0F

Memory Dump Source

Source File: 00000002.00000002.2186211945.00007FF8A92D1000.00000040.00000001.01000000.00000012.sdmp, Offset: 00007FF8A92D0000, based on PE: true

Associated: 00000002.00000002.2186182358.00007FF8A92D0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9353000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9355000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A937D000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9388000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9393000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186542599.00007FF8A9397000.00000080.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186571704.00007FF8A9398000.00000004.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a92d0000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: 00007C6126570
String ID: ..\s\ssl\ssl_ciph.c$ECDHE-ECDSA-AES128-GCM-SHA256$ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384$ECDHE-ECDSA-AES256-GCM-SHA384$SUITEB128$SUITEB128C2$SUITEB128ONLY$SUITEB192$check_suiteb_cipher_list
API String ID: 800424832-1099454403
Opcode ID: 4fb00667328cc24e5a01ced80a969a7b37fcff98c645767f26b4f54dc518abc7
Instruction ID: c563ee35b0c5614965acc9c9b6318722f8a54a8b21b8a48516029118308d5d9f
Opcode Fuzzy Hash: 4fb00667328cc24e5a01ced80a969a7b37fcff98c645767f26b4f54dc518abc7
Instruction Fuzzy Hash: 1E416135A2EA82AAFB149F14E89077827B1EB487C4F445435EA1DC7698EF6CE550C701

Function 00007FF6E2152180 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 00007FF6E21521AB
SelectObject.GDI32 ref: 00007FF6E21521F2
DrawTextW.USER32 ref: 00007FF6E2152215
SelectObject.GDI32 ref: 00007FF6E215222B
ReleaseDC.USER32 ref: 00007FF6E215223B
MoveWindow.USER32 ref: 00007FF6E215228B
MoveWindow.USER32 ref: 00007FF6E21522CB
MoveWindow.USER32 ref: 00007FF6E215231E
MoveWindow.USER32 ref: 00007FF6E2152366

Strings

P%, xrefs: 00007FF6E21521FF

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: MoveWindow$ObjectSelect$DrawReleaseText
String ID: P%
API String ID: 2147705588-2959514604
Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
Instruction ID: 88934d0cb49f134a6707a2c70a978a97294f9114fbb6d15c30608fcc9f30caa8
Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
Instruction Fuzzy Hash: 36511627A04BA186D6249F22E4182BAB7A2FB98B65F004131EFDFC3694DF7CD145CB14

Function 00007FF6E21580C0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

GetWindowLongPtrW.USER32 ref: 00007FF6E21580FF
GetWindowLongPtrW.USER32 ref: 00007FF6E215817F
ShutdownBlockReasonCreate.USER32 ref: 00007FF6E2158192
GetLastError.KERNEL32 ref: 00007FF6E215819C
SetWindowLongPtrW.USER32 ref: 00007FF6E21581B3

Strings

Needs to remove its temporary files., xrefs: 00007FF6E2158185

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: LongWindow$BlockCreateErrorLastReasonShutdown
String ID: Needs to remove its temporary files.
API String ID: 3975851968-2863640275
Opcode ID: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
Instruction ID: 05de7c8ada41b03055de0bd0b14ba55dc046350cd25bbd3725ebefc9006d3b17
Opcode Fuzzy Hash: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
Instruction Fuzzy Hash: 0D217322F48A4681E6418B7AF8443A96252BF89B98F594130DB1EC33D4DEADD7808306

Function 00007FF8A8142740 Relevance: 16.7, APIs: 11, Instructions: 230COMMON

Download Yara Rule

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF8A8142768
__scrt_initialize_crt.LIBCMT ref: 00007FF8A81427AD
__scrt_acquire_startup_lock.LIBCMT ref: 00007FF8A81427BA
_RTC_Initialize.LIBCMT ref: 00007FF8A81427E8
__scrt_dllmain_after_initialize_c.LIBCMT ref: 00007FF8A814280E
__scrt_release_startup_lock.LIBCMT ref: 00007FF8A8142839

Memory Dump Source

Source File: 00000002.00000002.2177832756.00007FF8A8141000.00000040.00000001.01000000.00000017.sdmp, Offset: 00007FF8A8140000, based on PE: true

Associated: 00000002.00000002.2177799498.00007FF8A8140000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2177832756.00007FF8A81A2000.00000040.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2177832756.00007FF8A81EE000.00000040.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2177832756.00007FF8A81F2000.00000040.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2177832756.00007FF8A81F7000.00000040.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2177832756.00007FF8A824F000.00000040.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2177832756.00007FF8A8254000.00000040.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2177832756.00007FF8A8257000.00000040.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2180094427.00007FF8A8258000.00000080.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2180136487.00007FF8A825A000.00000004.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a8140000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
String ID:
API String ID: 349153199-0
Opcode ID: ba629577db6599826cb9fb44cf19b8c727e776d8ab71a1e0ce86f35fe3adb7c8
Instruction ID: 108b3856c62005933313071864958c6f4c4a9b3eb4e7fc63b751647b053e23c1
Opcode Fuzzy Hash: ba629577db6599826cb9fb44cf19b8c727e776d8ab71a1e0ce86f35fe3adb7c8
Instruction Fuzzy Hash: 0B81C0E9E1E243F6FA669B6694412B922D0EF957C0F148135D90C837A6DF7CE885C338

Function 00007FF6E2166290 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 494COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E21662D3
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E21666C0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E216695C

Strings

f, xrefs: 00007FF6E21663F5
:, xrefs: 00007FF6E216648C
-, xrefs: 00007FF6E2166369
p, xrefs: 00007FF6E21663FD
p, xrefs: 00007FF6E2166385

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -$:$f$p$p
API String ID: 3215553584-2013873522
Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
Instruction ID: e5618eb1ce352b458c9695171c1a42a65443f160b02f216b9756641bcd42cc2d
Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
Instruction Fuzzy Hash: 4B1291B3E2928386FB245A14A1843FD7757EB40798F844135D789C66C4DFBEE6808B4A

Function 00007FF6E2160FC8 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2161008
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E21613D0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E216166F

Strings

f, xrefs: 00007FF6E2161255
p, xrefs: 00007FF6E21610AD
f, xrefs: 00007FF6E21610A0
p, xrefs: 00007FF6E2161112
f, xrefs: 00007FF6E216110A

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$f$p$p$f
API String ID: 3215553584-1325933183
Opcode ID: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
Instruction ID: 012b4fa190d1dc8efa997cde36dcfe31ac972b722b789b4e8db7d436b7d9d1fa
Opcode Fuzzy Hash: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
Instruction Fuzzy Hash: 9F126173E2814385FB209A1590943FE66A3FB40758F8C4135D79AC6BC4DFBEE6408B4A

Function 00007FF6E2151050 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 119COMMON

Download Yara Rule

Strings

Failed to extract %s: failed to allocate data buffer (%u bytes)!, xrefs: 00007FF6E2151108
Failed to extract %s: failed to open archive file!, xrefs: 00007FF6E2151098
malloc, xrefs: 00007FF6E215110F
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF6E21511F6
fseek, xrefs: 00007FF6E21510D3
fread, xrefs: 00007FF6E21511FD
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF6E21510CC

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
API String ID: 2050909247-3659356012
Opcode ID: c7bb58550f5bcf0f519764ea051c05a3a8a65a2fbe38e578e675a30a6b1f643e
Instruction ID: 1b4945884bc05787d5cbd5d763a2a2da40c4ec091888413efe6f6bcb72c90348
Opcode Fuzzy Hash: c7bb58550f5bcf0f519764ea051c05a3a8a65a2fbe38e578e675a30a6b1f643e
Instruction Fuzzy Hash: 84418E23E1825285EA11DB21D8407F96393BF45B88F5844B1EF0DC7785DEBEE301874A

Function 00007FF6E2158660 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 116COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(?,?,00000000,00007FF6E2153CBB), ref: 00007FF6E2158704
GetCurrentProcessId.KERNEL32(?,00000000,00007FF6E2153CBB), ref: 00007FF6E215870A
CreateDirectoryW.KERNEL32(?,00000000,00007FF6E2153CBB), ref: 00007FF6E215874C

Part of subcall function 00007FF6E2158830: GetEnvironmentVariableW.KERNEL32(00007FF6E215388E), ref: 00007FF6E2158867
Part of subcall function 00007FF6E2158830: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6E2158889

Part of subcall function 00007FF6E2168238: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2168251

Part of subcall function 00007FF6E2152810: MessageBoxW.USER32 ref: 00007FF6E21528EA

Strings

LOADER: failed to set the TMP environment variable., xrefs: 00007FF6E21586DC
LOADER: length of teporary directory path exceeds maximum path length!, xrefs: 00007FF6E215877E
TMP, xrefs: 00007FF6E215869C, 00007FF6E21587A3
_MEI%d, xrefs: 00007FF6E2158712
TMP, xrefs: 00007FF6E21586C2

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
API String ID: 3563477958-1339014028
Opcode ID: 881e4fca8e19ec4ab2ebb52834f4ac375ff8f2bae867f31c8bf391ae1f14406c
Instruction ID: b6b1e06ab56150865575e8018c6460c5ad60f7de8c75506e6a76c0b049cfb0fc
Opcode Fuzzy Hash: 881e4fca8e19ec4ab2ebb52834f4ac375ff8f2bae867f31c8bf391ae1f14406c
Instruction Fuzzy Hash: DE41B523E2964644EA20AB65A8513F91293AF857CCF810071DF0DC77DADEBED745C24A

Function 00007FF6E215EA08 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FF6E215EA65

Part of subcall function 00007FF6E215F9BC: __GetUnwindTryBlock.LIBCMT ref: 00007FF6E215F9FF
Part of subcall function 00007FF6E215F9BC: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FF6E215FA24

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF6E215EB3D
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FF6E215ED8B
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6E215EE98

Strings

csm, xrefs: 00007FF6E215EA7F
csm, xrefs: 00007FF6E215EB60
csm, xrefs: 00007FF6E215EAE6

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
Instruction ID: e873157a30fdeca8cc168d8440ee694608d8766e394dd7dd1580fce55440d0fc
Opcode Fuzzy Hash: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
Instruction Fuzzy Hash: 22D15A23E48B418AEB209B6594403ED77A2FB4578CF100175EB4DD7B96DFBAE680C706

Function 00007FF8A92D2545 Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 206COMMON

Download Yara Rule

APIs

00007FF8C61A3420.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 00007FF8A92E2008
GetLastError.KERNEL32 ref: 00007FF8A92E2172

Strings

SSL_add_dir_cert_subjects_to_stack, xrefs: 00007FF8A92E215A, 00007FF8A92E2193, 00007FF8A92E221D
calling OPENSSL_dir_read(%s), xrefs: 00007FF8A92E217B
%s/%s, xrefs: 00007FF8A92E1FE8
..\s\ssl\ssl_cert.c, xrefs: 00007FF8A92E2166, 00007FF8A92E219F, 00007FF8A92E21DC, 00007FF8A92E2229
SSL_add_file_cert_subjects_to_stack, xrefs: 00007FF8A92E21D0

Memory Dump Source

Source File: 00000002.00000002.2186211945.00007FF8A92D1000.00000040.00000001.01000000.00000012.sdmp, Offset: 00007FF8A92D0000, based on PE: true

Associated: 00000002.00000002.2186182358.00007FF8A92D0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9353000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9355000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A937D000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9388000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9393000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186542599.00007FF8A9397000.00000080.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186571704.00007FF8A9398000.00000004.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a92d0000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: 00007A3420ErrorLast
String ID: %s/%s$..\s\ssl\ssl_cert.c$SSL_add_dir_cert_subjects_to_stack$SSL_add_file_cert_subjects_to_stack$calling OPENSSL_dir_read(%s)
API String ID: 3659664395-502574948
Opcode ID: de604455da3dd15423185ed5a6f4ce6acae7e7dc6e9530e8d9251f24d1117e73
Instruction ID: 7345cad3d571278f04232ff17b7caedcb894e581a66e2e929ef26e2ed57736a5
Opcode Fuzzy Hash: de604455da3dd15423185ed5a6f4ce6acae7e7dc6e9530e8d9251f24d1117e73
Instruction Fuzzy Hash: 64917551A0EAC265FA50AF15A8517FE66A0EFC57C1F416031EA5EC7B9ADF3CE501C700

Function 00007FF6E2152C50 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6E2153706,?,00007FF6E2153804), ref: 00007FF6E2152C9E
FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6E2153706,?,00007FF6E2153804), ref: 00007FF6E2152D63
MessageBoxW.USER32 ref: 00007FF6E2152D99

Strings

%ls: , xrefs: 00007FF6E2152D22
[PYI-%d:ERROR] , xrefs: 00007FF6E2152CA6
<FormatMessageW failed.>, xrefs: 00007FF6E2152D70
Error, xrefs: 00007FF6E2152D8C

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Message$CurrentFormatProcess
String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
API String ID: 3940978338-251083826
Opcode ID: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
Instruction ID: 408ea30f5687263fdc0cccce5ffd321b9b69d55d8b90508c40bea3a33e5b9d72
Opcode Fuzzy Hash: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
Instruction Fuzzy Hash: 7531B423F08A4142E6209B65E8543EA6692BF8879CF414136EF4ED3799DF7ED706C305

Function 00007FF8A92D1497 Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 306COMMON

Download Yara Rule

Strings

, xrefs: 00007FF8A9328F9E
tls_construct_stoc_cookie, xrefs: 00007FF8A9328C8E, 00007FF8A9328EB9, 00007FF8A9329047, 00007FF8A93290C3, 00007FF8A9329137
SHA2-256, xrefs: 00007FF8A9328FD2
HMAC, xrefs: 00007FF8A9328F86
..\s\ssl\statem\extensions_srvr.c, xrefs: 00007FF8A9328C9A, 00007FF8A9328EC5, 00007FF8A932904E, 00007FF8A93290CF, 00007FF8A932913E

Memory Dump Source

Source File: 00000002.00000002.2186211945.00007FF8A92D1000.00000040.00000001.01000000.00000012.sdmp, Offset: 00007FF8A92D0000, based on PE: true

Associated: 00000002.00000002.2186182358.00007FF8A92D0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9353000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9355000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A937D000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9388000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9393000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186542599.00007FF8A9397000.00000080.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186571704.00007FF8A9398000.00000004.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a92d0000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID:
String ID: $..\s\ssl\statem\extensions_srvr.c$HMAC$SHA2-256$tls_construct_stoc_cookie
API String ID: 0-1087561517
Opcode ID: d743759746665b7db7d4fba4d59fd9459b03d2bc73fc4485894cad057df26e57
Instruction ID: ead0aa2a9f34a8e4f9ee522bbab56783cc3dc0d1038c0b2f615b5f4fd38e7af6
Opcode Fuzzy Hash: d743759746665b7db7d4fba4d59fd9459b03d2bc73fc4485894cad057df26e57
Instruction Fuzzy Hash: 17D15A65B0EAC365FB54AE629A543F922B5EF957C4F046032DE0EC7B8ADE3DE4058310

Function 00007FF8A92D26F8 Relevance: 10.8, APIs: 2, Strings: 4, Instructions: 257COMMON

Download Yara Rule

Strings

..\s\ssl\ssl_rsa.c, xrefs: 00007FF8A92FA7ED, 00007FF8A92FA82C, 00007FF8A92FA8EA, 00007FF8A92FA956, 00007FF8A92FA9B1, 00007FF8A92FA9CA, 00007FF8A92FA9E4, 00007FF8A92FAA61, 00007FF8A92FAA97, 00007FF8A92FAABB, 00007FF8A92FAAEB, 00007FF8A92FAB0F, 00007FF8A92FAB30, 00007FF8A92FAB46, 00007FF8A92FAB5C, 00007FF8A92FAB72
SERVERINFO FOR , xrefs: 00007FF8A92FA8A5
SERVERINFOV2 FOR , xrefs: 00007FF8A92FA90D
SSL_CTX_use_serverinfo_file, xrefs: 00007FF8A92FA7E1, 00007FF8A92FA820, 00007FF8A92FA8E3, 00007FF8A92FAA55, 00007FF8A92FAA8B, 00007FF8A92FAAB4, 00007FF8A92FAADF, 00007FF8A92FAB03

Memory Dump Source

Source File: 00000002.00000002.2186211945.00007FF8A92D1000.00000040.00000001.01000000.00000012.sdmp, Offset: 00007FF8A92D0000, based on PE: true

Associated: 00000002.00000002.2186182358.00007FF8A92D0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9353000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9355000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A937D000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9388000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9393000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186542599.00007FF8A9397000.00000080.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186571704.00007FF8A9398000.00000004.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a92d0000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID:
String ID: ..\s\ssl\ssl_rsa.c$SERVERINFO FOR $SERVERINFOV2 FOR $SSL_CTX_use_serverinfo_file
API String ID: 0-2528746747
Opcode ID: d40431e4e7c82da1deeb9ad1052418d7cfdc64fe3625217e02e6807bcc9b9d45
Instruction ID: 7d93c594285485eb41571532b4c50df7720580f1e26013cf6aaf0d504d12f946
Opcode Fuzzy Hash: d40431e4e7c82da1deeb9ad1052418d7cfdc64fe3625217e02e6807bcc9b9d45
Instruction Fuzzy Hash: 01B1AD61B0EAC2B5FB109F61D8401FD67B5EF847C4F415032DA1D87A9AEE7CEA4A8350

Function 00007FF6E215DCC8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF6E215DF7A,?,?,?,00007FF6E215DC6C,?,?,?,00007FF6E215D869), ref: 00007FF6E215DD4D
GetLastError.KERNEL32(?,?,?,00007FF6E215DF7A,?,?,?,00007FF6E215DC6C,?,?,?,00007FF6E215D869), ref: 00007FF6E215DD5B
LoadLibraryExW.KERNEL32(?,?,?,00007FF6E215DF7A,?,?,?,00007FF6E215DC6C,?,?,?,00007FF6E215D869), ref: 00007FF6E215DD85
FreeLibrary.KERNEL32(?,?,?,00007FF6E215DF7A,?,?,?,00007FF6E215DC6C,?,?,?,00007FF6E215D869), ref: 00007FF6E215DDF3
GetProcAddress.KERNEL32(?,?,?,00007FF6E215DF7A,?,?,?,00007FF6E215DC6C,?,?,?,00007FF6E215D869), ref: 00007FF6E215DDFF

Strings

api-ms-, xrefs: 00007FF6E215DD6D

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
Instruction ID: 95c771cabec28a3c76d36ac7e20500f862dbc6daecf9879bc77e05ec1bd34e95
Opcode Fuzzy Hash: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
Instruction Fuzzy Hash: 1F31A323F5A64291EE119B0298007F52396FF49BA8F594575DF1EC63C0EFBEE6448309

Function 00007FF6E2152A50 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 64COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF6E215351A,?,00000000,00007FF6E2153F1B), ref: 00007FF6E2152AA0

Strings

0, xrefs: 00007FF6E2152B16
[PYI-%d:%s] , xrefs: 00007FF6E2152AA8
Warning, xrefs: 00007FF6E2152B1E
WARNING, xrefs: 00007FF6E2152AAF
Warning [ANSI Fallback], xrefs: 00007FF6E2152B0F

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CurrentProcess
String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
API String ID: 2050909247-2900015858
Opcode ID: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
Instruction ID: d410375d5844b05b3e0a0b63bbb84c81e7df705f1da650f82dbebd82308e0af6
Opcode Fuzzy Hash: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
Instruction Fuzzy Hash: 2B219C33A18B8192E6209B50F8807EA6395FB88388F400136FF8DC3699DFBDD345C645

Function 00007FF6E2158570 Relevance: 10.6, APIs: 7, Instructions: 63COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF6E2158590
OpenProcessToken.ADVAPI32 ref: 00007FF6E21585A3
GetTokenInformation.ADVAPI32 ref: 00007FF6E21585C8
GetLastError.KERNEL32 ref: 00007FF6E21585D2
GetTokenInformation.ADVAPI32 ref: 00007FF6E2158612
ConvertSidToStringSidW.ADVAPI32 ref: 00007FF6E215862E
CloseHandle.KERNEL32 ref: 00007FF6E2158646

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
String ID:
API String ID: 995526605-0
Opcode ID: f75ab0f0843ea553283f31270fa2e47dd05c34398218a1d4d57149fb78d89f01
Instruction ID: 4323e6d103b4b3498319d9643d724ab856bddbdb4d8cd012e415deaf337ec80e
Opcode Fuzzy Hash: f75ab0f0843ea553283f31270fa2e47dd05c34398218a1d4d57149fb78d89f01
Instruction Fuzzy Hash: 17216432E0C64641EB108B59F4443AAA3A2FFC17A8F500235E76DC3AD4DFADD6458745

Function 00007FF6E216B150 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF6E216B15F
FlsGetValue.KERNEL32 ref: 00007FF6E216B174
FlsSetValue.KERNEL32 ref: 00007FF6E216B195
FlsSetValue.KERNEL32 ref: 00007FF6E216B1C2
FlsSetValue.KERNEL32 ref: 00007FF6E216B1D3
FlsSetValue.KERNEL32 ref: 00007FF6E216B1E4
SetLastError.KERNEL32 ref: 00007FF6E216B1FF

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: bd40692f84e3da01acd5c9e715af8932c2ff4b5b564443a413d720313231dc09
Instruction ID: e1f3f71c3256f02eeca3c5fe9d79638161f450e54d9cd9ed07e66eaafeb849b9
Opcode Fuzzy Hash: bd40692f84e3da01acd5c9e715af8932c2ff4b5b564443a413d720313231dc09
Instruction Fuzzy Hash: ED216032F2C24241F9586325A5D13BD61835F547A8F104634EB2FD66C6DEAEE700430A

Function 00007FF6E2177D6C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF6E2177D9D
GetLastError.KERNEL32 ref: 00007FF6E2177DA9
CloseHandle.KERNEL32 ref: 00007FF6E2177DC1
CreateFileW.KERNEL32 ref: 00007FF6E2177DEC
WriteConsoleW.KERNEL32 ref: 00007FF6E2177E0B

Strings

CONOUT$, xrefs: 00007FF6E2177DCD

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
Instruction ID: dcd3743cc3b5115fc1c7fa79a171efcc07351f497d9f4dd2a899ab9b274a87fd
Opcode Fuzzy Hash: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
Instruction Fuzzy Hash: C911B422E18B4586E3508B12F8443A962A1FB89BE8F000234EB5EC77E4CFBDD6408709

Function 00007FF6E2158ED0 Relevance: 9.1, APIs: 6, Instructions: 121COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF6E2153FA9), ref: 00007FF6E2158EFD
K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF6E2153FA9), ref: 00007FF6E2158F5A

Part of subcall function 00007FF6E2159390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6E21545F4,00000000,00007FF6E2151985), ref: 00007FF6E21593C9

K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF6E2153FA9), ref: 00007FF6E2158FE5
K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF6E2153FA9), ref: 00007FF6E2159044
FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF6E2153FA9), ref: 00007FF6E2159055
FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF6E2153FA9), ref: 00007FF6E215906A

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
String ID:
API String ID: 3462794448-0
Opcode ID: b9812aa4a412ff6f242132f81c88a7c8c76a4ef9029947ab8fd2a45bc25d6007
Instruction ID: 3bbcc77cdc3df311cdc1a10fd410afcfe26ab2058134a3a5b6f53534ec5cbeba
Opcode Fuzzy Hash: b9812aa4a412ff6f242132f81c88a7c8c76a4ef9029947ab8fd2a45bc25d6007
Instruction Fuzzy Hash: E541BF63E1968281EA309B12A4403EA7396FF85B88F040535DF4DD7789DFBEE600C74A

Function 00007FF6E21590E0 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6E2158570: GetCurrentProcess.KERNEL32 ref: 00007FF6E2158590
Part of subcall function 00007FF6E2158570: OpenProcessToken.ADVAPI32 ref: 00007FF6E21585A3
Part of subcall function 00007FF6E2158570: GetTokenInformation.ADVAPI32 ref: 00007FF6E21585C8
Part of subcall function 00007FF6E2158570: GetLastError.KERNEL32 ref: 00007FF6E21585D2
Part of subcall function 00007FF6E2158570: GetTokenInformation.ADVAPI32 ref: 00007FF6E2158612
Part of subcall function 00007FF6E2158570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF6E215862E
Part of subcall function 00007FF6E2158570: CloseHandle.KERNEL32 ref: 00007FF6E2158646

LocalFree.KERNEL32(?,00007FF6E2153C55), ref: 00007FF6E215916C
LocalFree.KERNEL32(?,00007FF6E2153C55), ref: 00007FF6E2159175

Strings

D:(A;;FA;;;%s)(A;;FA;;;%s), xrefs: 00007FF6E2159142
S-1-3-4, xrefs: 00007FF6E2159121
D:(A;;FA;;;%s), xrefs: 00007FF6E2159157
Security descriptor string length exceeds PYI_PATH_MAX!, xrefs: 00007FF6E2159183

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
API String ID: 6828938-1529539262
Opcode ID: 0222097b9c90264a1a2c87a2a2fde68e1a94831f5278aced0db9eca26447961c
Instruction ID: ca79256b2201b0e9c25f9119f18bf51f1d685f183fb2bcda15a90feb3d907493
Opcode Fuzzy Hash: 0222097b9c90264a1a2c87a2a2fde68e1a94831f5278aced0db9eca26447961c
Instruction Fuzzy Hash: 29217E23E0874281F610AB50E8553EA62A2FF89788F444071EB4DC37C6DFBEDA44C786

Function 00007FF6E216B2C8 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF6E2164F11,?,?,?,?,00007FF6E216A48A,?,?,?,?,00007FF6E216718F), ref: 00007FF6E216B2D7
FlsSetValue.KERNEL32(?,?,?,00007FF6E2164F11,?,?,?,?,00007FF6E216A48A,?,?,?,?,00007FF6E216718F), ref: 00007FF6E216B30D
FlsSetValue.KERNEL32(?,?,?,00007FF6E2164F11,?,?,?,?,00007FF6E216A48A,?,?,?,?,00007FF6E216718F), ref: 00007FF6E216B33A
FlsSetValue.KERNEL32(?,?,?,00007FF6E2164F11,?,?,?,?,00007FF6E216A48A,?,?,?,?,00007FF6E216718F), ref: 00007FF6E216B34B
FlsSetValue.KERNEL32(?,?,?,00007FF6E2164F11,?,?,?,?,00007FF6E216A48A,?,?,?,?,00007FF6E216718F), ref: 00007FF6E216B35C
SetLastError.KERNEL32(?,?,?,00007FF6E2164F11,?,?,?,?,00007FF6E216A48A,?,?,?,?,00007FF6E216718F), ref: 00007FF6E216B377

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 511c86220214880ca4b01c77dd55d0a7de68e458561f726588d357ec3f22002e
Instruction ID: 16a10d63207adc22c3bb300239f9f2e70efcc1cf03d7c7063759c06853195491
Opcode Fuzzy Hash: 511c86220214880ca4b01c77dd55d0a7de68e458561f726588d357ec3f22002e
Instruction Fuzzy Hash: BE119F32F1D24282FA58672196C03BE61439F447B8F184334EB2FD66D6DEAEE700430A

Function 00007FF6E2152910 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 86COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6E2151B6A), ref: 00007FF6E215295E

Strings

Error [ANSI Fallback], xrefs: 00007FF6E21529FF
Error, xrefs: 00007FF6E2152A0E
[PYI-%d:ERROR] , xrefs: 00007FF6E2152966
%s: %s, xrefs: 00007FF6E21529E8

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CurrentProcess
String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
API String ID: 2050909247-2962405886
Opcode ID: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
Instruction ID: 71cb21cc6a58a64456ed1b702b27e08c55f404536c1603049c3abeaa767209fa
Opcode Fuzzy Hash: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
Instruction Fuzzy Hash: 6831CF23F1868552E7209B61E8403EA6296BF887DCF400132EF8DC3789EFBDD6468205

Function 00007FF6E2152390 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6E21523C8
DialogBoxIndirectParamW.USER32 ref: 00007FF6E215248E
DeleteObject.GDI32 ref: 00007FF6E21524C1
DestroyIcon.USER32 ref: 00007FF6E21524D3

Strings

Unhandled exception in script, xrefs: 00007FF6E21523F8

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
String ID: Unhandled exception in script
API String ID: 3081866767-2699770090
Opcode ID: 3b326f38696452fedce944a8216705a7f012b21920c96e855d1ab8eaac442c5d
Instruction ID: 849c3f58384829ff7cfeba30aa173ef21e552655eba930a71104ec1a1cf440d6
Opcode Fuzzy Hash: 3b326f38696452fedce944a8216705a7f012b21920c96e855d1ab8eaac442c5d
Instruction Fuzzy Hash: C1314E33A1968189EB209B61E8553FA6361FB89788F440135EB4EC7B89DF7DD201C706

Function 00007FF6E2152B50 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 65windowCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF6E215918F,?,00007FF6E2153C55), ref: 00007FF6E2152BA0
MessageBoxW.USER32 ref: 00007FF6E2152C2A

Strings

[PYI-%d:%ls] , xrefs: 00007FF6E2152BA8
WARNING, xrefs: 00007FF6E2152BAF
Warning, xrefs: 00007FF6E2152C1D

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CurrentMessageProcess
String ID: WARNING$Warning$[PYI-%d:%ls]
API String ID: 1672936522-3797743490
Opcode ID: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
Instruction ID: f80ca236a00fec59ac5b0ce53c18fdd0d264ef7476104678795712c2a9738008
Opcode Fuzzy Hash: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
Instruction Fuzzy Hash: B121AB23B18B4192E6209B64F8847EA63A6EB88788F400136EF8ED3659DF7DD305C745

Function 00007FF6E2152710 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 64COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF6E2151B99), ref: 00007FF6E2152760

Strings

Error [ANSI Fallback], xrefs: 00007FF6E21527CF
[PYI-%d:%s] , xrefs: 00007FF6E2152768
Error, xrefs: 00007FF6E21527DE
ERROR, xrefs: 00007FF6E215276F

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CurrentProcess
String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
API String ID: 2050909247-1591803126
Opcode ID: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
Instruction ID: 766b3b422a524bfc67e2a999ddb9f607e2575c0cc339977c4a5fddfe44dda2e4
Opcode Fuzzy Hash: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
Instruction Fuzzy Hash: B2217C33A19B8192E6209B50F8817EA6295AB88388F400135EF8DD3699DFBDD3458645

Function 00007FF6E2169A88 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF6E2169AAD
GetProcAddress.KERNEL32 ref: 00007FF6E2169AC3
FreeLibrary.KERNEL32 ref: 00007FF6E2169AEA

Strings

CorExitProcess, xrefs: 00007FF6E2169ABC
mscoree.dll, xrefs: 00007FF6E2169AA4

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
Instruction ID: 01cce14c2c4b0621e023387194d399c0e3c1086a117c2fb0d50a5dce569538c3
Opcode Fuzzy Hash: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
Instruction Fuzzy Hash: 78F0C822F1870682EA148B14E4843BA23A1BF85768F540235C76FC55E4CFAED344C306

Function 00007FF6E2179368 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF6E2179390
_set_statfp.LIBCMT ref: 00007FF6E21793AB
_set_statfp.LIBCMT ref: 00007FF6E21793C7
_set_statfp.LIBCMT ref: 00007FF6E2179403

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
Instruction ID: c026bc5a2a3f4ae08c8ee3aa24de6eef47dc0fd13eb4f178172b6a374bbe1b69
Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
Instruction Fuzzy Hash: F8116333D58A0201F6545179E4913FA1053BFDB37CE040634EB6ED72D68EEEAA49410A

Function 00007FF6E216B390 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF6E216A5A3,?,?,00000000,00007FF6E216A83E,?,?,?,?,?,00007FF6E216A7CA), ref: 00007FF6E216B3AF
FlsSetValue.KERNEL32(?,?,?,00007FF6E216A5A3,?,?,00000000,00007FF6E216A83E,?,?,?,?,?,00007FF6E216A7CA), ref: 00007FF6E216B3CE
FlsSetValue.KERNEL32(?,?,?,00007FF6E216A5A3,?,?,00000000,00007FF6E216A83E,?,?,?,?,?,00007FF6E216A7CA), ref: 00007FF6E216B3F6
FlsSetValue.KERNEL32(?,?,?,00007FF6E216A5A3,?,?,00000000,00007FF6E216A83E,?,?,?,?,?,00007FF6E216A7CA), ref: 00007FF6E216B407
FlsSetValue.KERNEL32(?,?,?,00007FF6E216A5A3,?,?,00000000,00007FF6E216A83E,?,?,?,?,?,00007FF6E216A7CA), ref: 00007FF6E216B418

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 6f944022d23edc1c4acf36ee41aa723466f994e0e1af3fb98e05b0010e79b0d5
Instruction ID: 8ad0cee34a8d24f256edbac3a4dbb1f7fc0c2a3141d8ce5c8b8b907849f8254e
Opcode Fuzzy Hash: 6f944022d23edc1c4acf36ee41aa723466f994e0e1af3fb98e05b0010e79b0d5
Instruction Fuzzy Hash: A3119032F2D64241FA58A72655C13FD61435F507B8F584334EB2FD6AC6DEAEE701820A

Function 00007FF6E216B224 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FF6E216B235
FlsSetValue.KERNEL32 ref: 00007FF6E216B254
FlsSetValue.KERNEL32 ref: 00007FF6E216B27C
FlsSetValue.KERNEL32 ref: 00007FF6E216B28D
FlsSetValue.KERNEL32 ref: 00007FF6E216B29E

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: cf61fb6c00b1796c5bed08ecf7b6551a73a14dc995a044f45feadad5ae41d3ad
Instruction ID: 3ccb892974351504738bdd24b510cd5146f760cc96a3bc38564a85b7cfc46b85
Opcode Fuzzy Hash: cf61fb6c00b1796c5bed08ecf7b6551a73a14dc995a044f45feadad5ae41d3ad
Instruction Fuzzy Hash: C811E332E2920641FAAC626144D13FD22834F55328F244738EB2EDA6C2DEAEB740420B

Function 00007FF6E2165FA0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2165FDC
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2166106
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E21661BC

Strings

verbose, xrefs: 00007FF6E2165FB0

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: verbose
API String ID: 3215553584-579935070
Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
Instruction ID: e008a95b5d0d7ed475e2a57b24264cd6f9c3aa1ab4598e7231fb76c8958d64f6
Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
Instruction Fuzzy Hash: 9B91D3B3E2868681E7208F25D4903BD3796AB80BD8F444135DB5DC33D5DEBEEA45834A

Function 00007FF8A92FF1F0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 223COMMON

Download Yara Rule

APIs

00007FF8C61208A0.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF8A92FF29E

Strings

SSL_SESSION_new, xrefs: 00007FF8A92FF250, 00007FF8A92FF301
ssl_get_new_session, xrefs: 00007FF8A92FF344, 00007FF8A92FF47D
..\s\ssl\ssl_sess.c, xrefs: 00007FF8A92FF232, 00007FF8A92FF25C, 00007FF8A92FF30D, 00007FF8A92FF330, 00007FF8A92FF350, 00007FF8A92FF489, 00007FF8A92FF519, 00007FF8A92FF532, 00007FF8A92FF54B, 00007FF8A92FF564, 00007FF8A92FF57D, 00007FF8A92FF596, 00007FF8A92FF5AF, 00007FF8A92FF5D3

Memory Dump Source

Source File: 00000002.00000002.2186211945.00007FF8A92D1000.00000040.00000001.01000000.00000012.sdmp, Offset: 00007FF8A92D0000, based on PE: true

Associated: 00000002.00000002.2186182358.00007FF8A92D0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9353000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9355000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A937D000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9388000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9393000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186542599.00007FF8A9397000.00000080.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186571704.00007FF8A9398000.00000004.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a92d0000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: 00007C61208
String ID: ..\s\ssl\ssl_sess.c$SSL_SESSION_new$ssl_get_new_session
API String ID: 3535234312-2527649602
Opcode ID: 2ee31989e1f8588aa90a28ce799d2be3adf3df8615bd0751dc503f655c2d097d
Instruction ID: 884ae8ecf7ae38f5ce70552fa0e0a95e556a5176f05f831fb70266966fc49e38
Opcode Fuzzy Hash: 2ee31989e1f8588aa90a28ce799d2be3adf3df8615bd0751dc503f655c2d097d
Instruction Fuzzy Hash: 8CB17C21A0EAC2A2FB44EF61C8547F927A1FB84BC4F445035EA1DCB6AADF7CE5548310

Function 00007FF6E216FBC8 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E216FEA7

Part of subcall function 00007FF6E2167A3C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2167A59

Strings

UTF-16LEUNICODE, xrefs: 00007FF6E216FE45
UTF-8, xrefs: 00007FF6E216FE26
ccs, xrefs: 00007FF6E216FDE2

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
Instruction ID: f0d3d4a52674556a3bb5aae63bb9259a4ffa8e39b0082663cf6499bffe95ce4f
Opcode Fuzzy Hash: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
Instruction Fuzzy Hash: 23816373E2828285E7655E6981903FD2AA3AB1174CF564035CB0FD7295DFAFBB01930B

Function 00007FF8A92D2478 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 175COMMON

Download Yara Rule

APIs

00007FF8BA241170.VCRUNTIME140 ref: 00007FF8A932D3BC

Strings

D:\a\1\s\include\internal/packet.h, xrefs: 00007FF8A932D3F4, 00007FF8A932D415
..\s\ssl\statem\extensions_srvr.c, xrefs: 00007FF8A932D37D, 00007FF8A932D3E0, 00007FF8A932D448, 00007FF8A932D473, 00007FF8A932D4B5
tls_parse_ctos_server_name, xrefs: 00007FF8A932D371, 00007FF8A932D3CB, 00007FF8A932D43C, 00007FF8A932D467, 00007FF8A932D4A9

Memory Dump Source

Source File: 00000002.00000002.2186211945.00007FF8A92D1000.00000040.00000001.01000000.00000012.sdmp, Offset: 00007FF8A92D0000, based on PE: true

Associated: 00000002.00000002.2186182358.00007FF8A92D0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9353000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9355000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A937D000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9388000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9393000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186542599.00007FF8A9397000.00000080.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186571704.00007FF8A9398000.00000004.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a92d0000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: 00007A241170
String ID: ..\s\ssl\statem\extensions_srvr.c$D:\a\1\s\include\internal/packet.h$tls_parse_ctos_server_name
API String ID: 2866013487-4157686371
Opcode ID: 67e0e25362e592984ee9547ed76d1c5314335af9c27ff3d6de0578625d6f2b20
Instruction ID: 11bce9a8da3a585cc0e24935f8292b7fea463ab7d61480feaec3c5d1a44e16de
Opcode Fuzzy Hash: 67e0e25362e592984ee9547ed76d1c5314335af9c27ff3d6de0578625d6f2b20
Instruction Fuzzy Hash: F671C061A0EFC2A5EB609F21D4007BAB3A1EF967C4F586032DA5DC7A96DF2CE5408700

Function 00007FF8A8141FD0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 173COMMON

Download Yara Rule

APIs

00007FF8C6126570.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF8A8142008
00007FF8C6126570.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF8A8142026

Strings

CJK UNIFIED IDEOGRAPH-, xrefs: 00007FF8A814201C
HANGUL SYLLABLE , xrefs: 00007FF8A8141FF5

Memory Dump Source

Source File: 00000002.00000002.2177832756.00007FF8A8141000.00000040.00000001.01000000.00000017.sdmp, Offset: 00007FF8A8140000, based on PE: true

Associated: 00000002.00000002.2177799498.00007FF8A8140000.00000002.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2177832756.00007FF8A81A2000.00000040.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2177832756.00007FF8A81EE000.00000040.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2177832756.00007FF8A81F2000.00000040.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2177832756.00007FF8A81F7000.00000040.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2177832756.00007FF8A824F000.00000040.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2177832756.00007FF8A8254000.00000040.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2177832756.00007FF8A8257000.00000040.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2180094427.00007FF8A8258000.00000080.00000001.01000000.00000017.sdmpDownload File
Associated: 00000002.00000002.2180136487.00007FF8A825A000.00000004.00000001.01000000.00000017.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a8140000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: 00007C6126570
String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
API String ID: 800424832-87138338
Opcode ID: d800521c55394c3ad25b6a38125f6762d0e11982fd6218b3e6ef33505340922b
Instruction ID: 73554a38af96e29241fad36790f8333a11d4bfc21ba79130aa2966ffca9a6eaa
Opcode Fuzzy Hash: d800521c55394c3ad25b6a38125f6762d0e11982fd6218b3e6ef33505340922b
Instruction Fuzzy Hash: C9613BF2B19642D6E7628B19A80067E72A2FF80BD4F444235EA5E47BD5DF3CE442C714

Function 00007FF6E215D648 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF6E215D673
_IsNonwritableInCurrentImage.LIBCMT ref: 00007FF6E215D70A
RtlUnwindEx.KERNEL32 ref: 00007FF6E215D764

Strings

csm, xrefs: 00007FF6E215D6F1

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm
API String ID: 2395640692-1018135373
Opcode ID: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
Instruction ID: 63c4f080357b1a9d103e07b3e2e307199cad46dd6cfad11a8d959fda5c04af88
Opcode Fuzzy Hash: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
Instruction Fuzzy Hash: F3519F33E596428ADB148B15D844BB87792EB44B9CF108170DB4EC7788DFBEEA41C709

Function 00007FF8A8261CA0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 149COMMON

Download Yara Rule

APIs

00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8A8261D33
00007FF8A88F27BC.PYTHON312 ref: 00007FF8A8261D72

Strings

y*|:decompress, xrefs: 00007FF8A8261CCA
BrotliDecompress failed, xrefs: 00007FF8A8261EA2

Memory Dump Source

Source File: 00000002.00000002.2180285327.00007FF8A8261000.00000040.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8260000, based on PE: true

Associated: 00000002.00000002.2180246315.00007FF8A8260000.00000002.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A82B6000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A832D000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182691075.00007FF8A832E000.00000080.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182728543.00007FF8A8330000.00000004.00000001.01000000.00000014.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a8260000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: 00007$C610F020
String ID: BrotliDecompress failed$y*|:decompress
API String ID: 1199462638-3609120798
Opcode ID: 1dfeb41befc088f359630a9009b93ccc2498eed697200d288a3dde7c9a2760e2
Instruction ID: 95c95dacd7c2e541e27066008ee00be06d8e995f1564c8aa99ecddcbd8df1aed
Opcode Fuzzy Hash: 1dfeb41befc088f359630a9009b93ccc2498eed697200d288a3dde7c9a2760e2
Instruction Fuzzy Hash: 4C612C32E0AA42A6EB509B61E4443B923A5FB44BC5F444432CE8D53B58EF3CE515C368

Function 00007FF6E215F288 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF6E215F2B0
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF6E215F398

Strings

csm, xrefs: 00007FF6E215F2D2
csm, xrefs: 00007FF6E215F3EA

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
Instruction ID: eec930d1136ebb91342eb5bfcc1d53efb720780e1e3c28c0e7848242e4802c0c
Opcode Fuzzy Hash: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
Instruction Fuzzy Hash: 98518033E4828287EB648B2191443AD37A2FB56B88F144176DB4DC3B85CFBDE650C70A

Function 00007FF6E215EED8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF6E215EF37
_CallSETranslator.LIBVCRUNTIME ref: 00007FF6E215EF83

Strings

MOC, xrefs: 00007FF6E215EF4B
RCC, xrefs: 00007FF6E215EF53

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
Instruction ID: d2cf063541a908a11f5ca8cbd599513202484c824939f447f782989e2afa10e1
Opcode Fuzzy Hash: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
Instruction Fuzzy Hash: EE618F33D08BC586DB608B15E4403EAB7A1FB95788F044265EB9C83B95DFBDD290CB05

Function 00007FF8A92D19DD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 110COMMON

Download Yara Rule

APIs

00007FF8A8344D18.LIBCRYPTO-3 ref: 00007FF8A931238B
00007FF8A8344D18.LIBCRYPTO-3 ref: 00007FF8A93123CD
00007FF8A8344D18.LIBCRYPTO-3 ref: 00007FF8A931240F

Strings

..\s\ssl\tls_srp.c, xrefs: 00007FF8A931247E, 00007FF8A9312490

Memory Dump Source

Source File: 00000002.00000002.2186211945.00007FF8A92D1000.00000040.00000001.01000000.00000012.sdmp, Offset: 00007FF8A92D0000, based on PE: true

Associated: 00000002.00000002.2186182358.00007FF8A92D0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9353000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9355000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A937D000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9388000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9393000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186542599.00007FF8A9397000.00000080.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186571704.00007FF8A9398000.00000004.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a92d0000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: 00007A8344
String ID: ..\s\ssl\tls_srp.c
API String ID: 2099648154-1778748169
Opcode ID: d6d5d50e08cea8272b2b5593a2dc40e5a6ae0df675d4a32b6bc603cce94478c2
Instruction ID: d2369d746df01687198eb7493cd0d5316f97401aaf1d92306e6c3d00be798716
Opcode Fuzzy Hash: d6d5d50e08cea8272b2b5593a2dc40e5a6ae0df675d4a32b6bc603cce94478c2
Instruction Fuzzy Hash: EE416B21A0FEC2A4FE54AF2194507B962F0EF80BD4F29A534DD5D8B7A9EF2CA4518314

Function 00007FF6E2157E20 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNEL32(00000000,?,00007FF6E215352C,?,00000000,00007FF6E2153F1B), ref: 00007FF6E2157F32

Strings

\, xrefs: 00007FF6E2157E97
%.*s, xrefs: 00007FF6E2157EEB
%s%c, xrefs: 00007FF6E2157EA4

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CreateDirectory
String ID: %.*s$%s%c$\
API String ID: 4241100979-1685191245
Opcode ID: a1c59376f93c8b4c6db0aee125681cb96c2ab9e1787ffa8cf6eb7b68f1c1c36c
Instruction ID: c463de639151b2a20e2dccdaefdc30b5360a639a126e70f1264d9c112f97a014
Opcode Fuzzy Hash: a1c59376f93c8b4c6db0aee125681cb96c2ab9e1787ffa8cf6eb7b68f1c1c36c
Instruction Fuzzy Hash: 8B31E122F19AC545EA218B20E8503EA6256FB84BE8F040231EF6DC7BC9DF6DD3028705

Function 00007FF6E2152810 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 65windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32 ref: 00007FF6E21528EA

Strings

[PYI-%d:%ls] , xrefs: 00007FF6E2152868
Error, xrefs: 00007FF6E21528DD
ERROR, xrefs: 00007FF6E215286F

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Message
String ID: ERROR$Error$[PYI-%d:%ls]
API String ID: 2030045667-255084403
Opcode ID: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
Instruction ID: dc9d9df2251a628d8ecec9d312ee7ba80c21f6006fb120efe300474988b1499b
Opcode Fuzzy Hash: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
Instruction Fuzzy Hash: 6121AB73B18B4192E6209B54F8847EA63A2EB88788F400136EB8ED3659DFBDD345C745

Function 00007FF6E216C5A0 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF6E216C61F
WriteFile.KERNEL32 ref: 00007FF6E216C8E7
WriteFile.KERNEL32 ref: 00007FF6E216C92D
GetLastError.KERNEL32 ref: 00007FF6E216C9E3

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
Instruction ID: d9d50ac113835312aafef29a6e5749ddffcec5b11d4081138b5272c28c4cad41
Opcode Fuzzy Hash: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
Instruction Fuzzy Hash: 43D1CB73F28A818AE710CF65C4843EC37A2EB55798B444226DF4ED7B89DE79D206C709

Function 00007FF6E216CF60 Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6E216CF4B), ref: 00007FF6E216D07C
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6E216CF4B), ref: 00007FF6E216D107

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
Instruction ID: bbe36dfc50154ff811872fef0901d9746f4721379bd6ee3374ba3ef7169d3319
Opcode Fuzzy Hash: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
Instruction Fuzzy Hash: 0791B633E2865145F7509F6598803FD27A2BB4478CF544139DF0ED6684DFBAD642C70A

Function 00007FF6E216F98C Relevance: 6.2, APIs: 4, Instructions: 162COMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF6E216FA7C
_get_daylight.LIBCMT ref: 00007FF6E216FA8D
_get_daylight.LIBCMT ref: 00007FF6E216FA9E
_isindst.LIBCMT ref: 00007FF6E216FB69

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _get_daylight$_isindst
String ID:
API String ID: 4170891091-0
Opcode ID: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
Instruction ID: 79549f2cd96a98e9e411ca4400af2d3accca44a6a7150b61b93e2ad45f33d56a
Opcode Fuzzy Hash: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
Instruction Fuzzy Hash: 4F511473F142528AEB28CF6499913FC2762AB4435CF140235DF1ED2AE5DF79A602C705

Function 00007FF8A8296C80 Relevance: 6.2, APIs: 4, Instructions: 154COMMON

Download Yara Rule

APIs

00007FF8C61203E0.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8A8296CC3
00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A8296D26
00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A8296D58
00007FF8BA2419C0.VCRUNTIME140 ref: 00007FF8A8296D7D

Memory Dump Source

Source File: 00000002.00000002.2180285327.00007FF8A8261000.00000040.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8260000, based on PE: true

Associated: 00000002.00000002.2180246315.00007FF8A8260000.00000002.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A82B6000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A832D000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182691075.00007FF8A832E000.00000080.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182728543.00007FF8A8330000.00000004.00000001.01000000.00000014.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a8260000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: 00007$A2419$C61203
String ID:
API String ID: 667864500-0
Opcode ID: e52e19dddba48d9fc27f932283582fe1209b610db4686e9e18e3710054b30bbc
Instruction ID: 4bba579e9a15241ece6ae6e1b694be4ca63469747b1bcfec3a101629e0cceb56
Opcode Fuzzy Hash: e52e19dddba48d9fc27f932283582fe1209b610db4686e9e18e3710054b30bbc
Instruction Fuzzy Hash: 5E71E236609BC586D660CB16F8807AAB7A8F788B84F548126EFDD43B58DF38C195CB44

Function 00007FF6E216577C Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNEL32 ref: 00007FF6E21657AF
GetFileInformationByHandle.KERNEL32 ref: 00007FF6E2165811
GetLastError.KERNEL32 ref: 00007FF6E21658A2
PeekNamedPipe.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6E21656B4), ref: 00007FF6E21658EE

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: File$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 2780335769-0
Opcode ID: 601044899bb77d1db34704472f686b9691880a3163deed0eb7e9945e8072c835
Instruction ID: 14e35ba40ae6f47b8af5e0545336bc8860c4aaa4d73f5676cdd2c989ddd3b2a8
Opcode Fuzzy Hash: 601044899bb77d1db34704472f686b9691880a3163deed0eb7e9945e8072c835
Instruction Fuzzy Hash: 13517B33E286419AFB10CF65D4903BD27A6AB48B9CF108434DF49C7A88DFB9D6808706

Function 00007FF6E21520C0 Relevance: 6.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

EndDialog.USER32 ref: 00007FF6E21520F4
SetWindowLongPtrW.USER32 ref: 00007FF6E2152116
GetWindowLongPtrW.USER32 ref: 00007FF6E2152140
InvalidateRect.USER32 ref: 00007FF6E2152160

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: LongWindow$DialogInvalidateRect
String ID:
API String ID: 1956198572-0
Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
Instruction ID: 5ac8ec086ec563cf95fd09c58e6f37d37bd655789ee524321a1183154f45fe64
Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
Instruction Fuzzy Hash: C911E923F4C14242F65487A9E5883FA5253EF95788F484030DB4BC7B89CEAED781820A

Function 00007FF6E215D010 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF6E215D03C
GetCurrentThreadId.KERNEL32 ref: 00007FF6E215D04A
GetCurrentProcessId.KERNEL32 ref: 00007FF6E215D056
QueryPerformanceCounter.KERNEL32 ref: 00007FF6E215D066

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
Instruction ID: 1ceb0bab9867d38da2ed9b918334c53b4a219aeab7db985b1e650b3fe4a1bcf1
Opcode Fuzzy Hash: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
Instruction Fuzzy Hash: 25111C22B15B058AEB008B60E8943B933A4FB5A75CF440E31EB6DC67A4DFB8E2548345

Function 00007FF8A92D1A05 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 283COMMON

Download Yara Rule

APIs

00007FF8C61208A0.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF8A92E10DB

Strings

d2i_SSL_SESSION, xrefs: 00007FF8A92E0F42, 00007FF8A92E0FC7, 00007FF8A92E1008, 00007FF8A92E1222
..\s\ssl\ssl_asn1.c, xrefs: 00007FF8A92E0F4E, 00007FF8A92E0FD3, 00007FF8A92E1014, 00007FF8A92E11B4, 00007FF8A92E122E, 00007FF8A92E127A, 00007FF8A92E12EF

Memory Dump Source

Source File: 00000002.00000002.2186211945.00007FF8A92D1000.00000040.00000001.01000000.00000012.sdmp, Offset: 00007FF8A92D0000, based on PE: true

Associated: 00000002.00000002.2186182358.00007FF8A92D0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9353000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9355000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A937D000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9388000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9393000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186542599.00007FF8A9397000.00000080.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186571704.00007FF8A9398000.00000004.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a92d0000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: 00007C61208
String ID: ..\s\ssl\ssl_asn1.c$d2i_SSL_SESSION
API String ID: 3535234312-384499812
Opcode ID: bf6ac2c97a372f31d576a85372ebd442c85ef0c615da678fdf509a5c98780009
Instruction ID: 9955df669ff3a8332c22122db79a97d9abe9ac7da7261eeca7131241a6f8991c
Opcode Fuzzy Hash: bf6ac2c97a372f31d576a85372ebd442c85ef0c615da678fdf509a5c98780009
Instruction Fuzzy Hash: CBD12A22A0EBC2A6EB559F29D4C02B837A4FB44BC4F455035DE6D8779AEF38E451C310

Function 00007FF8A82619F0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 130COMMON

Download Yara Rule

APIs

00007FF8A88F27BC.PYTHON312 ref: 00007FF8A8261A90

Strings

y*:process, xrefs: 00007FF8A8261A0A
BrotliDecoderDecompressStream failed while processing the stream, xrefs: 00007FF8A8261BBD

Memory Dump Source

Source File: 00000002.00000002.2180285327.00007FF8A8261000.00000040.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8260000, based on PE: true

Associated: 00000002.00000002.2180246315.00007FF8A8260000.00000002.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A82B6000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A832D000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182691075.00007FF8A832E000.00000080.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182728543.00007FF8A8330000.00000004.00000001.01000000.00000014.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a8260000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: 00007
String ID: BrotliDecoderDecompressStream failed while processing the stream$y*:process
API String ID: 3568877910-3378180327
Opcode ID: ebe849aa38d28a6f9b76366784e34f312a3ee510abe0b2ee51e6d9ec1560f0ea
Instruction ID: 4e566adc8ea235bb1ff9fd09ffe69816e2f1129091d5c4f6d512e248937ea4c9
Opcode Fuzzy Hash: ebe849aa38d28a6f9b76366784e34f312a3ee510abe0b2ee51e6d9ec1560f0ea
Instruction Fuzzy Hash: 17513C72A0AB46AAEB509F61E4443BD33A8FB48785F480535CE8D17B5CEF38E455C364

Function 00007FF6E2175B1C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6E2171760: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2171793

_get_daylight.LIBCMT ref: 00007FF6E2175C34
_get_daylight.LIBCMT ref: 00007FF6E2175C45

Strings

?, xrefs: 00007FF6E2175BC5

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID: ?
API String ID: 1286766494-1684325040
Opcode ID: 34aa9ba053483d92f686c00bb3d23c2ed0895a5cb55bf09a4ef316522e0c30cf
Instruction ID: 55b1d896a359b231ccce3b844c81e3eaa8fc5ec7f4bf883aa64f2aca00537481
Opcode Fuzzy Hash: 34aa9ba053483d92f686c00bb3d23c2ed0895a5cb55bf09a4ef316522e0c30cf
Instruction Fuzzy Hash: 05414723E0828666F7308B25D4413F96662EBC2BA8F144235EF4CC7AD5DFBED6418705

Function 00007FF6E2169014 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E2169046

Part of subcall function 00007FF6E216A948: RtlFreeHeap.NTDLL(?,?,?,00007FF6E2172D22,?,?,?,00007FF6E2172D5F,?,?,00000000,00007FF6E2173225,?,?,?,00007FF6E2173157), ref: 00007FF6E216A95E
Part of subcall function 00007FF6E216A948: GetLastError.KERNEL32(?,?,?,00007FF6E2172D22,?,?,?,00007FF6E2172D5F,?,?,00000000,00007FF6E2173225,?,?,?,00007FF6E2173157), ref: 00007FF6E216A968

GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6E215CBA5), ref: 00007FF6E2169064

Strings

C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe, xrefs: 00007FF6E2169052

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
String ID: C:\Users\user\Desktop\tor-browser-windows-x86_64-portable-14.0.2.exe
API String ID: 3580290477-524912626
Opcode ID: 652ac8178d02f9bf502bb0dac840cc2c27021cfa98e1c84195502d2d1921a3a9
Instruction ID: 13436bc04cc25523bfec1375aef358c20cd37be23c79a1b8c2fdb6199f7126f3
Opcode Fuzzy Hash: 652ac8178d02f9bf502bb0dac840cc2c27021cfa98e1c84195502d2d1921a3a9
Instruction Fuzzy Hash: B841AF33E1860286EB189F25D4802FC33A6FB447D8B554035EB4EC7B85CE7EE6918346

Function 00007FF8A828A350 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 101COMMON

Download Yara Rule

APIs

00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A828A429
00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF8A828A489

Strings

Tg]@, xrefs: 00007FF8A828A4B5

Memory Dump Source

Source File: 00000002.00000002.2180285327.00007FF8A8261000.00000040.00000001.01000000.00000014.sdmp, Offset: 00007FF8A8260000, based on PE: true

Associated: 00000002.00000002.2180246315.00007FF8A8260000.00000002.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A82B6000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2180285327.00007FF8A832D000.00000040.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182691075.00007FF8A832E000.00000080.00000001.01000000.00000014.sdmpDownload File
Associated: 00000002.00000002.2182728543.00007FF8A8330000.00000004.00000001.01000000.00000014.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a8260000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: 00007C6138
String ID: Tg]@
API String ID: 2722774091-1367013573
Opcode ID: 3719e9e772ddd07db95e1395b94176eaae3edf7eef6ff48e371fe99230a2501a
Instruction ID: a5aa1be74a6248244080acb3a2b0fafd01855db3d2694366cf0ffb074558ba34
Opcode Fuzzy Hash: 3719e9e772ddd07db95e1395b94176eaae3edf7eef6ff48e371fe99230a2501a
Instruction Fuzzy Hash: F5411B32B16B899ADE118F3690046B9B650FF45BC4F148331EA4B27758EF39E593C614

Function 00007FF6E216CC38 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF6E216CD4F
GetLastError.KERNEL32 ref: 00007FF6E216CD71

Strings

U, xrefs: 00007FF6E216CCFB

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
Instruction ID: 8de3ff0bfd1ec27e8f3fb1a014825065259b794b46ffdc4fcef58b3d4545c0d4
Opcode Fuzzy Hash: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
Instruction Fuzzy Hash: 9E419133A28A8581DB208F25E4483EA6762FB98788F504135EF4DC7798EFBDD641C745

Function 00007FF8A92FDDC0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 89COMMON

Download Yara Rule

Strings

SSL_SESSION_new, xrefs: 00007FF8A92FDE0D, 00007FF8A92FDEC2
..\s\ssl\ssl_sess.c, xrefs: 00007FF8A92FDDEF, 00007FF8A92FDE19, 00007FF8A92FDECE, 00007FF8A92FDF1D

Memory Dump Source

Source File: 00000002.00000002.2186211945.00007FF8A92D1000.00000040.00000001.01000000.00000012.sdmp, Offset: 00007FF8A92D0000, based on PE: true

Associated: 00000002.00000002.2186182358.00007FF8A92D0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9353000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9355000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A937D000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9388000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9393000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186542599.00007FF8A9397000.00000080.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186571704.00007FF8A9398000.00000004.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a92d0000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID:
String ID: ..\s\ssl\ssl_sess.c$SSL_SESSION_new
API String ID: 0-402823876
Opcode ID: 8bcf40587d5a5fa41e3c70954e128ebca469350227bdc8224ae571735e6d0bcf
Instruction ID: 575c64fcf1165c1cf7932d8e0fadfd63ce44d438e242705976532b2ebad96681
Opcode Fuzzy Hash: 8bcf40587d5a5fa41e3c70954e128ebca469350227bdc8224ae571735e6d0bcf
Instruction Fuzzy Hash: 6F419A25A1EAC2A2FB44AF21D8517E962E0FFC87C4F855036EA0C8779ADF7CE1418700

Function 00007FF8A92D85B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32 ref: 00007FF8A92D85FD
SystemTimeToFileTime.KERNEL32 ref: 00007FF8A92D860D

Strings

gfff, xrefs: 00007FF8A92D863F

Memory Dump Source

Source File: 00000002.00000002.2186211945.00007FF8A92D1000.00000040.00000001.01000000.00000012.sdmp, Offset: 00007FF8A92D0000, based on PE: true

Associated: 00000002.00000002.2186182358.00007FF8A92D0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9353000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9355000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A937D000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9388000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9393000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186542599.00007FF8A9397000.00000080.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186571704.00007FF8A9398000.00000004.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a92d0000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Time$System$File
String ID: gfff
API String ID: 2838179519-1553575800
Opcode ID: 5530e0db4563f3136961ddcacea572fb8f4abfde4476f4fcd83b7edc0dcc1c0e
Instruction ID: 4ffdc91b3df20a81d462d05ac4afc897d13b5d2ee66091061d43b140310b4454
Opcode Fuzzy Hash: 5530e0db4563f3136961ddcacea572fb8f4abfde4476f4fcd83b7edc0dcc1c0e
Instruction Fuzzy Hash: 8E21A572A0D6C696EB94CF29D8003B976E8EB88BD4F449035DA5DCB799DE7CD1408B40

Function 00007FF6E216F5B8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32 ref: 00007FF6E216F5F8
GetCurrentDirectoryW.KERNEL32 ref: 00007FF6E216F64A

Strings

:, xrefs: 00007FF6E216F60E

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: CurrentDirectory
String ID: :
API String ID: 1611563598-336475711
Opcode ID: e8d367c4ea258391d160676196091cc4497c978f166048fd005a5cb1bdaac227
Instruction ID: 73bdf6b5c8d397ab12b8f9baea60b14021068cab88be22108e2ca33e00d0ac76
Opcode Fuzzy Hash: e8d367c4ea258391d160676196091cc4497c978f166048fd005a5cb1bdaac227
Instruction Fuzzy Hash: 5021C373F2828181EB209B15D0843BD63A2FB84B4CF464035DB4EC3694DFBED6448796

Function 00007FF6E215FD48 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32 ref: 00007FF6E215FD98
RaiseException.KERNEL32 ref: 00007FF6E215FDD9

Strings

csm, xrefs: 00007FF6E215FDC6

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
Instruction ID: 4fceea49c924b85948d436fd7796e58857944604fcee20e5e6187d762360a03c
Opcode Fuzzy Hash: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
Instruction Fuzzy Hash: 23115E33A08B8582EB218F15E4003A977E5FB89B88F184230DB8D87758DF7ED6518B04

Function 00007FF6E217073C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6E217076C
GetDriveTypeW.KERNEL32 ref: 00007FF6E21707AC

Strings

:, xrefs: 00007FF6E2170795

Memory Dump Source

Source File: 00000002.00000002.2177591285.00007FF6E2151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E2150000, based on PE: true

Associated: 00000002.00000002.2177557296.00007FF6E2150000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177637314.00007FF6E217B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E218E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177682424.00007FF6E2191000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.2177752501.00007FF6E2194000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff6e2150000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: DriveType_invalid_parameter_noinfo
String ID: :
API String ID: 2595371189-336475711
Opcode ID: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
Instruction ID: 2c5d642c827ed9e5cec17397393d8e3b197b59bc065beb7d0e54c3ac61d6f117
Opcode Fuzzy Hash: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
Instruction Fuzzy Hash: B0017123E2820285E7309F60D4613BE63A1EF8574CF901439D78DC26C1DEBED6048A1A

Function 00007FF8A92D8FD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(?,00007FF8A92D8892), ref: 00007FF8A92D8FF6
SystemTimeToFileTime.KERNEL32(?,00007FF8A92D8892), ref: 00007FF8A92D9006

Strings

gfff, xrefs: 00007FF8A92D903A

Memory Dump Source

Source File: 00000002.00000002.2186211945.00007FF8A92D1000.00000040.00000001.01000000.00000012.sdmp, Offset: 00007FF8A92D0000, based on PE: true

Associated: 00000002.00000002.2186182358.00007FF8A92D0000.00000002.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9353000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9355000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A937D000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9388000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186211945.00007FF8A9393000.00000040.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186542599.00007FF8A9397000.00000080.00000001.01000000.00000012.sdmpDownload File
Associated: 00000002.00000002.2186571704.00007FF8A9398000.00000004.00000001.01000000.00000012.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff8a92d0000_tor-browser-windows-x86_64-portable-14.jbxd

Similarity

API ID: Time$System$File
String ID: gfff
API String ID: 2838179519-1553575800
Opcode ID: 67d5b2b245d6d65e2ef5cc5c305487d292cfc8c0b311219f02d73a446867e23b
Instruction ID: efc43dd88305754dbfa29b6e507cc383ab8e63119737a36e3d8ee5d2e465f8be
Opcode Fuzzy Hash: 67d5b2b245d6d65e2ef5cc5c305487d292cfc8c0b311219f02d73a446867e23b
Instruction Fuzzy Hash: 91012BE2B1998552EB64DF25F80115567E0FBCC7C4B44D032E65DCBB59EE2CD1018700

Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069227190.000001F713774000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_ssl.pyd. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067899965.000001F713774000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_ctypes.pyd. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069138202.000001F713774000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_socket.pyd. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067543952.000001F713774000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_bz2.pyd. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068931999.000001F713774000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_queue.pyd. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067206085.000001F713774000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_asyncio.pyd. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068341888.000001F713774000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_lzma.pyd. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2069363713.000001F713774000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_wmi.pyd. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068056387.000001F713774000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_decimal.pyd. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068513556.000001F713774000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_multiprocessing.pyd. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074584535.000001F713774000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepyexpat.pyd. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068622239.000001F713774000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_overlapped.pyd. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074151483.000001F713774000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibsslH vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2067053849.000001F713774000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2074767443.000001F713774000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepython3.dll. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2076128292.000001F713774000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameselect.pyd. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000000.00000003.2068239339.000001F713774000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_hashlib.pyd. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2191738950.00007FF8B8B14000.00000004.00000001.01000000.0000000B.sdmp	Binary or memory string: OriginalFilename_hashlib.pyd. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2191973191.00007FF8B8B4C000.00000004.00000001.01000000.0000000A.sdmp	Binary or memory string: OriginalFilename_lzma.pyd. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2190857640.00007FF8B7E68000.00000004.00000001.01000000.0000000F.sdmp	Binary or memory string: OriginalFilename_socket.pyd. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2180136487.00007FF8A825A000.00000004.00000001.01000000.00000017.sdmp	Binary or memory string: OriginalFilenameunicodedata.pyd. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2193031502.00007FF8B93D8000.00000004.00000001.01000000.00000009.sdmp	Binary or memory string: OriginalFilename_bz2.pyd. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2193286849.00007FF8B984C000.00000004.00000001.01000000.0000000E.sdmp	Binary or memory string: OriginalFilename_wmi.pyd. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2192397727.00007FF8B8CBC000.00000004.00000001.01000000.00000010.sdmp	Binary or memory string: OriginalFilenameselect.pyd. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2190564749.00007FF8B7E42000.00000004.00000001.01000000.00000011.sdmp	Binary or memory string: OriginalFilename_ssl.pyd. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2184936820.00007FF8A8839000.00000004.00000001.01000000.0000000C.sdmp	Binary or memory string: OriginalFilenamelibcryptoH vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2186571704.00007FF8A9398000.00000004.00000001.01000000.00000012.sdmp	Binary or memory string: OriginalFilenamelibsslH vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2192848999.00007FF8B8F94000.00000004.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilename_ctypes.pyd. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2190027837.00007FF8B78C3000.00000004.00000001.01000000.00000013.sdmp	Binary or memory string: OriginalFilenamepyexpat.pyd. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2186150546.00007FF8A8F32000.00000004.00000001.01000000.00000004.sdmp	Binary or memory string: OriginalFilenamepython312.dll. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2171414817.000001E56A270000.00000002.00000001.01000000.00000006.sdmp	Binary or memory string: OriginalFilenamepython3.dll. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2193797736.00007FF8BA4FC000.00000004.00000001.01000000.0000000D.sdmp	Binary or memory string: OriginalFilename_queue.pyd. vs tor-browser-windows-x86_64-portable-14.0.2.exe
Source: tor-browser-windows-x86_64-portable-14.0.2.exe, 00000002.00000002.2193529097.00007FF8BA257000.00000002.00000001.01000000.00000005.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs tor-browser-windows-x86_64-portable-14.0.2.exe

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report tor-browser-windows-x86_64-portable-14.0.2.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_ARC4.pyd

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_Salsa20.pyd

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_chacha20.pyd

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_pkcs1_decode.pyd

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_aes.pyd

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_aesni.pyd

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_arc2.pyd

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_blowfish.pyd

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_cast.pyd

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_cbc.pyd

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_cfb.pyd

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ctr.pyd

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_des.pyd

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_des3.pyd

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ecb.pyd

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_eksblowfish.pyd

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ocb.pyd

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ofb.pyd

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_BLAKE2b.pyd

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_BLAKE2s.pyd

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_MD2.pyd

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_MD4.pyd

C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_MD5.pyd

Windows Analysis Report
tor-browser-windows-x86_64-portable-14.0.2.exe