Malware Analysis Report

2025-06-15 20:34

Sample ID 240509-a5kz9sbd47
Target medium.exe
SHA256 335d7d67678ff4475ee0622beef67a923e4962a034ce7ca97d6b08d9c119a3eb
Tags
evasion trojan pyinstaller
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

335d7d67678ff4475ee0622beef67a923e4962a034ce7ca97d6b08d9c119a3eb

Threat Level: Shows suspicious behavior

The file medium.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

evasion trojan pyinstaller

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Checks whether UAC is enabled

Enumerates physical storage devices

Unsigned PE

Detects Pyinstaller

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-09 00:49

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-09 00:47

Reported

2024-05-09 00:59

Platform

win7-20240221-en

Max time kernel

300s

Max time network

331s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1744 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 1744 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 1744 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 3028 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 3028 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 3028 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 3028 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 3028 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 3028 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 2240 wrote to memory of 1780 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2240 wrote to memory of 1780 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2240 wrote to memory of 1780 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3028 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\geckodriver.exe
PID 3028 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\geckodriver.exe
PID 3028 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\geckodriver.exe
PID 2336 wrote to memory of 896 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 2336 wrote to memory of 896 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 2336 wrote to memory of 896 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 896 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 896 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 896 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 896 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 896 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 896 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 896 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 896 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 896 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 896 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 896 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 896 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe
PID 1916 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI17442\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17442\geckodriver.exe --port 49479 --websocket-port 49480

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49480 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecxMN6t

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49480 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecxMN6t

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1916.0.610767169\1224080535" -parentBuildID 20240416150000 -prefsHandle 1236 -prefMapHandle 1228 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\browser" - {909365e9-f97b-488c-86a5-b51fc126eaee} 1916 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1916.1.1340360838\1743149807" -childID 1 -isForBrowser -prefsHandle 960 -prefMapHandle 1928 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\browser" - {c269ed88-c320-4102-8f2d-b464734dc3fe} 1916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1916.2.272660077\1067728844" -childID 2 -isForBrowser -prefsHandle 2284 -prefMapHandle 2280 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\browser" - {882407a8-b1c1-49b3-b230-ffb9facc7018} 1916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1916.3.1488916118\1133005002" -childID 3 -isForBrowser -prefsHandle 2312 -prefMapHandle 2676 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\browser" - {3bc59202-7223-40f7-aef7-9184420db8cc} 1916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1916.4.2007506062\709114449" -childID 4 -isForBrowser -prefsHandle 2500 -prefMapHandle 2352 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\browser" - {f4235734-c376-4a82-a674-3a401efd31a6} 1916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1916.5.348676031\325988031" -childID 5 -isForBrowser -prefsHandle 2856 -prefMapHandle 2860 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\browser" - {9f401380-0408-4c75-81c8-26b974bc8b8d} 1916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1916.6.2074070006\56606503" -childID 6 -isForBrowser -prefsHandle 2964 -prefMapHandle 2968 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\browser" - {c52afbb6-8b25-43a4-83f9-c895ed858c52} 1916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17442\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17442\geckodriver.exe --port 49479 --websocket-port 49480

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49480 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexJpGVJ

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49480 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexJpGVJ

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe" -contentproc --channel="2380.0.1121530637\2026310108" -parentBuildID 20240416150000 -prefsHandle 1232 -prefMapHandle 1224 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\browser" - {1ddbb3ff-5baa-4ac7-ac7a-bba162d4ae89} 2380 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe" -contentproc --channel="2380.1.92836352\795514311" -childID 1 -isForBrowser -prefsHandle 1696 -prefMapHandle 1124 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\browser" - {964ae36e-226e-40cd-a33c-19653d390bab} 2380 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe" -contentproc --channel="2380.2.17914414\702692416" -childID 2 -isForBrowser -prefsHandle 2280 -prefMapHandle 2276 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\browser" - {4785fce8-2c87-4c20-8680-594f0c34dbf7} 2380 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe" -contentproc --channel="2380.3.1063529645\1866707397" -childID 3 -isForBrowser -prefsHandle 2472 -prefMapHandle 2284 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\browser" - {44ad41d1-2aea-4d6d-806c-ecb026fc9057} 2380 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe" -contentproc --channel="2380.4.292978412\2005274939" -childID 4 -isForBrowser -prefsHandle 2832 -prefMapHandle 2828 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\browser" - {a83b391a-27ec-4d89-a52e-235759efe0a9} 2380 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe" -contentproc --channel="2380.5.2096529161\1174378949" -childID 5 -isForBrowser -prefsHandle 2960 -prefMapHandle 2964 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\browser" - {40d12bd4-0686-4e09-a73d-99179411be64} 2380 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\firefox.exe" -contentproc --channel="2380.6.1613916613\510784563" -childID 6 -isForBrowser -prefsHandle 2932 -prefMapHandle 2936 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\browser" - {6fb3d743-3219-4250-99b9-b428c5eb0385} 2380 tab

Network

Country Destination Domain Proto
DE 79.201.239.54:24192 tcp
FI 65.109.67.140:443 tcp
US 51.81.245.149:443 tcp
FI 135.181.78.188:9100 tcp
N/A 127.0.0.1:49581 tcp
N/A 127.0.0.1:49585 tcp
N/A 127.0.0.1:49479 tcp
N/A 127.0.0.1:49479 tcp
N/A 127.0.0.1:49677 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49712 tcp
N/A 127.0.0.1:49712 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:49479 tcp
N/A 127.0.0.1:49479 tcp
N/A 127.0.0.1:49479 tcp
N/A 127.0.0.1:50193 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50228 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI17442\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI17442\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI17442\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

\Users\Admin\AppData\Local\Temp\_MEI17442\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

\Users\Admin\AppData\Local\Temp\_MEI17442\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

\Users\Admin\AppData\Local\Temp\_MEI17442\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI17442\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI17442\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI17442\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI17442\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI17442\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI17442\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI17442\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

\Users\Admin\AppData\Local\Temp\_MEI17442\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI17442\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI17442\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI17442\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI17442\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI17442\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI17442\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI17442\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI17442\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 86f78270d33684e7d6e0064174e4a4ce
SHA1 f5dad63848bd72f57b7cef3a6c5b3d3f862e8f79
SHA256 5b5ff53489a2b6fedcc1ae624cdb6d9d9a8d57e667c09f56914717c137815680
SHA512 4e5d1a30c4029b78e09bd2ae133b3c0102d870a62eb759a957159c44c5765928931adb926afabfb73e02c6e72dcc7b6bc5be248a19330c3cc675d3953866e567

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 53979ab0bb6af588eafd096e7ddec628
SHA1 6a8efe246b23c243d93d8f020b21cc2d49c81816
SHA256 a0b39a28c4af2db84121332570441aabd2ff293b19e5728424686f0dc87454c7
SHA512 3107d390f3588bdae429d05b7c6a3afc5d037cd7957a1b11a59ce493781a7e140a3df0cb8bd1183e6b762dc7254d0448f36673d448d109440920c8d0c664086c

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmpkdn8kwh9\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 03e2510e66fa7eb48f43e359f5a21fa1
SHA1 d72c6ad44bb13efc50622bcb4991f132f3062fbb
SHA256 e11dcae1fb4da440922faaed3b29302f128209e34db10a627ed407c91d891a98
SHA512 28d600811f378fb8a9cb126f560893a285d62fe8c3fb9dd86110af7c7ee2d1b440f923949099d7503fd7c78f1270341c78ceda43ab9fa4c6a2481062fc57d573

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 7d6384160fc08e8462405b48c58d422d
SHA1 d83b6062f5e178867731c73ca85ebce36e31c806
SHA256 8877695be8bed60e85e844422198d7408abba4ee16d362a9c8f514b85e3365d7
SHA512 168e240ecec07bd2c9b6bfe8afe228662e6d6c42b4f2bf2349fb9d8aebb5fc4fc624ffd0c5bf91ce51b2ccef3cff33133188997bf9aad97a633552c5eb9ecf10

C:\Users\Admin\AppData\Local\Temp\_MEI17442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

\Users\Admin\AppData\Local\Temp\_MEI17442\geckodriver.exe

MD5 0c5db0eb17c8d3d150f83fe1f6f1cdac
SHA1 c4ec34bd1ddfa10b7f9573bd8b78e2156df072a9
SHA256 12fc60109b5babb7220ae9b1ba044c03362c14571ddbc0cdbf862b9cf099b716
SHA512 5a7312adc507ac1c59ae543d06a943f01214b7e417e9f992beea3a3b782480c8806e42afa96e8eb66ce394a2b6b47052260ed0b509d08e7db0a64f493e85aee7

C:\Users\Admin\AppData\Local\Temp\tmpkdn8kwh9\webdriver-py-profilecopy\favicons.sqlite

MD5 32e1af8b6f514629b8c12fd70d930375
SHA1 99ed7ac160e46d8106ca4994cf6077242ca2c116
SHA256 688f8b323d6e0a6a79984ceedb4b946285ba72e66ce2eb1f9c4afb91b4f5535e
SHA512 ec49dc425cf18e454f8ec022a31f8739a3502640041b6d38fb4c688e43e1a4102d33c66de8718f079fb45acccad58a267514c1b7927d83346f42ab7c9716a3d0

C:\Users\Admin\AppData\Local\Temp\tmpkdn8kwh9\webdriver-py-profilecopy\places.sqlite

MD5 76751f2f03b393fca965628f50b0c8c3
SHA1 a172d5c43e37ca1e00234426cdf751ffaa0f494a
SHA256 5470d18e2c1a49035a23416e6d35e6eacd8f2f8492e40e93bbfbd673aea328db
SHA512 8f451ae2d118eacceb410ecc4779be90c911aff0bb0f0aae5827c1488deab0f77b236f61ac525fef4253c12730c3f2acb4ccf5df411e1c09a947e665ca554bd1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecxMN6t\prefs-1.js

MD5 09cf1bc03f744941884d59b9e9dbeb7a
SHA1 e51b336c28603f3209fc0d982731fe163641d65b
SHA256 c66cafac06825534587e33e8f4868acfa10c86a03a1239a4a5580104fe6bd91f
SHA512 036c2ca284fef243b7335299a14dda066b49e9a47d40d90d21e181cfbd658657185b12332cbee57324c1d0f2fd08b6371182c542d5753625df4347ed59ec2fc8

memory/1916-705-0x000000000B160000-0x000000000B170000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecxMN6t\extensions.json

MD5 27da918072e4667723f8d37e27d9b271
SHA1 793a6bd0e8213f202c0146ddad11305c1f416755
SHA256 b271058ed036345351a647b564753694cb4bde7347dfb3b731ceb5a07fd8bb24
SHA512 c1af5466fd3c513663c900118142318ec8b28d6466b0f026d979e6347397765ab3ea5f786861cc39e680fcf65e68f29106811ce760cf008fd3bfa9acc8611cad

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecxMN6t\addonStartup.json.lz4

MD5 24ae353a93162d6f3b85568542cc380f
SHA1 d9386011088d66df2225c6a203257168595ef530
SHA256 81e705b59d30148230d137dd0022230ea313e9ec6ff221a3b7087d386f3160b6
SHA512 659f112f5df7bb49e3cd7a81f0df9a0e341fac48711be18ab3eb9e82a75a0c2ae6cd4cccc6bdc525727f86b77b9cb776c46a5674fb2495fd4798422e605dd930

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 d262b8dc568b34fa0a37e37335db737a
SHA1 477338dfa2a841eaadcdeadb210ed0e9e419241f
SHA256 b11b2168de48ecb6a5daec15e1d8eebc52fa4597d174d3a55a930466f665b0ed
SHA512 ae2b0b4477d7d61c2ccbc948041e79407a140919da3dae63486e47b30ed9c041519bd3ce3cee62bc3c2ed780650abb8c54002c4197c6611af512f39da8e56f64

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 62b34739bb87bbc6d8c182129a7629cf
SHA1 0387c310cabbe3c5af69ee5fa45059bf1244efcc
SHA256 60f5b880159f796697dbe89b6489d8017fbeb3a3faa67d5755301226e04ac053
SHA512 b4de2d6a1699060340d979f46a772295c07b27864b8c2b05fea76bb0812b4cbfeb4debe2083661b05f2d34b4d53d1b0890a50d1456df491cefe05dbfb49f59ca

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecxMN6t\prefs-1.js

MD5 75732a6611f2b88ecd5f3a587338ca39
SHA1 79187cb0e4f8c2d466891c667a50f1a870630fa1
SHA256 075f07f91c6b3e6b5107e9b9bcc985bb30f62847e1e27bddd7c5551f58402753
SHA512 74cd345471c5177f651337515d3e7d97d7a70c2f8a9f14141f1a5c9a2074dde73793543b8a91ae7563fb72fd4647fc2435ab4a60cf55f44799eee115e3b7e084

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecxMN6t\prefs-1.js

MD5 975dce98e06505f2785dbc09561ad734
SHA1 b529a3b51d64e9b3385ddb733e47a8b2c9681f5f
SHA256 48d3cd469efe38af68d7328b1c990547ba4fbd43cfea85189eb863f747e2b4e9
SHA512 6a42261ee59eca9880d805cbacaac452e2f87b4ab2fcc2efeb1393555b21dc31c981d34bdb4ffa057db675837fa01cc67d64148e00433bde651f268fbdcee5b1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexJpGVJ\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexJpGVJ\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexJpGVJ\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

memory/2380-1185-0x000000000BC00000-0x000000000BC10000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexJpGVJ\addonStartup.json.lz4

MD5 c6c2b4e9a55233854195e73736bf226e
SHA1 79773f1e17961826376b6307568c96d0cd89176a
SHA256 dd15be9de0565eaa27f0718e1a4e5c0a97a57a78c3ba4098653fbec8027a13ce
SHA512 1493170af29c21dad78297e897639f6e2d47ee8c962b86d182d8e251c46b47f81bebb793b2fcc6d19cbb0d9211a17a4c3d04d4aacb4bfed87c0b5338a3422a3e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexJpGVJ\startupCache\webext.sc.lz4

MD5 d4e63854f78e14aafe6e0a367f552cb9
SHA1 8f55bee17b0655c41fa5849487f97bc620cadb41
SHA256 1e966901cb520d0aaa076b29cb8f1c71a6ec0b3ac5cd0e0dba8bb7d265702f28
SHA512 d42958a7513d22335fdaa27482b7967979330e658e118c042ec1cb023dbc410731acbd238799b9f2fc0f1dea7a40a0e0b03a1a574f41ab612e1a361954d6af32

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexJpGVJ\prefs-1.js

MD5 7bae5d3d68472153922aa5e8afbe8457
SHA1 38c50bd6153600adaac0701e443e87648627614d
SHA256 78feb3637e0677209fbce6608ead4b3af15405f8714c9e3149317d20848ebc97
SHA512 a2bb42f544ad25393a4e1227e0ffd944a6eb576674a154c66bfc5f4106dd86de9973364da434fb10de9cf5069eb04adb36b535db729898ed1acffbb1c8ee57a7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexJpGVJ\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexJpGVJ\prefs-1.js

MD5 e7d27e3284623151760c145eda2b2430
SHA1 0341686a8dffa72e60f00ade163734668779dbf7
SHA256 ca7bd47980a2b81fa53dbb2f969ee171d1364a750028816f0b8a1c785080c3ef
SHA512 801c83f8811d32353b3897fa7259f62de3202d413fa0f5ebc855506872e7315792b0eb6451471d70bb4f992a9a38ee44da6df98f14aef1959789cf168cf80600

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-09 00:47

Reported

2024-05-09 00:58

Platform

win10v2004-20240508-en

Max time kernel

300s

Max time network

308s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4900 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 4900 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 3476 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 3476 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 3476 wrote to memory of 1792 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 3476 wrote to memory of 1792 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 4648 wrote to memory of 1328 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4648 wrote to memory of 1328 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3476 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\geckodriver.exe
PID 3476 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\geckodriver.exe
PID 4852 wrote to memory of 1808 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 4852 wrote to memory of 1808 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 1808 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 1808 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 1808 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 1808 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 1808 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 1808 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 1808 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 1808 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 1808 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 1808 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 1808 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 5104 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI49002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI49002\geckodriver.exe --port 62163 --websocket-port 62164

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 62164 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYRMdhH

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 62164 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYRMdhH

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5104.0.304200142\434845971" -parentBuildID 20240416150000 -prefsHandle 1668 -prefMapHandle 1660 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {0be13b79-b076-4a39-8852-8498603b5211} 5104 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5104.1.915550257\2093788937" -childID 1 -isForBrowser -prefsHandle 2616 -prefMapHandle 2592 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {20dd2773-35bf-4d8a-9aa0-3105478e4635} 5104 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5104.2.1426298694\638930820" -childID 2 -isForBrowser -prefsHandle 3156 -prefMapHandle 3152 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {e5e975c2-1160-43a0-a0f8-a73255c437aa} 5104 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5104.3.970611991\1061710008" -childID 3 -isForBrowser -prefsHandle 3744 -prefMapHandle 3740 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {37b1466d-375d-429c-8eda-2c0abd4977d8} 5104 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5104.4.1162389143\1190527796" -childID 4 -isForBrowser -prefsHandle 2512 -prefMapHandle 3456 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {98d1648d-014e-4352-a24c-63d68d1f5523} 5104 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5104.5.1949586894\1144624664" -childID 5 -isForBrowser -prefsHandle 3828 -prefMapHandle 3832 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {6c0bf786-b085-42c8-ba6e-96bd58f85a02} 5104 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5104.6.743743614\912059712" -childID 6 -isForBrowser -prefsHandle 3884 -prefMapHandle 3892 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {bff42ef3-20d9-4fbe-b3e4-a21ce4b71d6e} 5104 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI49002\geckodriver.exe --port 62163 --websocket-port 62164

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 62164 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelY7NMM

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 62164 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelY7NMM

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4084.0.1711446042\36589710" -parentBuildID 20240416150000 -prefsHandle 1680 -prefMapHandle 1672 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {db09de29-fa8e-4ccc-afc6-0f2a0b71fe7a} 4084 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4084.1.1925790908\1247586310" -childID 1 -isForBrowser -prefsHandle 2336 -prefMapHandle 2488 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1224 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {1ad43740-5f54-4867-8c21-38458a465dfa} 4084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4084.2.816911194\1678786754" -childID 2 -isForBrowser -prefsHandle 3192 -prefMapHandle 3188 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1224 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {0af3e94b-b337-442f-9958-911467e5a342} 4084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4084.3.729518774\305051157" -childID 3 -isForBrowser -prefsHandle 3208 -prefMapHandle 3696 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1224 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {b9ffd429-5cae-4670-802b-9ed83b245fb7} 4084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4084.4.550244561\86796069" -childID 4 -isForBrowser -prefsHandle 3728 -prefMapHandle 3724 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1224 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {2cdaefe8-005a-4062-9e0a-bcbe4d0d4ab7} 4084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4084.5.483520674\832828392" -childID 5 -isForBrowser -prefsHandle 3240 -prefMapHandle 3756 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1224 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {0c5d2638-0fe2-41f0-86b7-49c0143c2d12} 4084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4084.6.629465387\392988028" -childID 6 -isForBrowser -prefsHandle 3904 -prefMapHandle 3436 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1224 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {8f4e6c12-70fe-494a-b441-dd625cf78d44} 4084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4084.7.352324064\352832712" -childID 7 -isForBrowser -prefsHandle 8456 -prefMapHandle 3516 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1224 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {be5d8cf9-4927-4830-a40e-88948d0cb730} 4084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4084.8.379643059\1997199415" -childID 8 -isForBrowser -prefsHandle 8068 -prefMapHandle 8100 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1224 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {b76f2a2e-9010-422e-9282-f45fcc643839} 4084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4084.9.1150578037\1917147219" -childID 9 -isForBrowser -prefsHandle 7832 -prefMapHandle 7836 -prefsLen 25535 -prefMapSize 245849 -jsInitHandle 1224 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {6155090f-b289-453e-92f3-acd874cb2606} 4084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4084.10.1706368266\902248069" -childID 10 -isForBrowser -prefsHandle 8012 -prefMapHandle 7308 -prefsLen 25535 -prefMapSize 245849 -jsInitHandle 1224 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {cab5bd30-dd14-4b94-9b7b-720506ebce6d} 4084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4084.11.330879208\1639591208" -childID 11 -isForBrowser -prefsHandle 6592 -prefMapHandle 7120 -prefsLen 25535 -prefMapSize 245849 -jsInitHandle 1224 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {37044ec9-d969-46df-8d9d-b740fa25bb36} 4084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4084.12.1765064142\2019513681" -childID 12 -isForBrowser -prefsHandle 6724 -prefMapHandle 6628 -prefsLen 25535 -prefMapSize 245849 -jsInitHandle 1224 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {af52d982-7bdf-4d8e-8aff-2bd89804b810} 4084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4084.13.532460276\121128524" -childID 13 -isForBrowser -prefsHandle 7788 -prefMapHandle 7448 -prefsLen 25535 -prefMapSize 245849 -jsInitHandle 1224 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {27dd7d7a-8663-4e57-a91b-b588fd3f9258} 4084 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
SE 193.239.232.230:9003 tcp
N/A 127.0.0.1:62266 tcp
N/A 127.0.0.1:62268 tcp
N/A 127.0.0.1:62163 tcp
US 8.8.8.8:53 230.232.239.193.in-addr.arpa udp
DE 185.170.114.25:443 tcp
US 8.8.8.8:53 25.114.170.185.in-addr.arpa udp
DE 84.46.243.189:8080 tcp
DE 185.220.101.200:8443 tcp
N/A 127.0.0.1:62163 tcp
US 8.8.8.8:53 189.243.46.84.in-addr.arpa udp
US 8.8.8.8:53 200.101.220.185.in-addr.arpa udp
N/A 127.0.0.1:62372 tcp
N/A 127.0.0.1:62380 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
N/A 127.0.0.1:62163 tcp
N/A 127.0.0.1:62163 tcp
N/A 127.0.0.1:62163 tcp
N/A 127.0.0.1:62736 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:62744 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 4.173.189.20.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI49002\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI49002\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI49002\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI49002\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI49002\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI49002\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI49002\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI49002\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI49002\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI49002\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI49002\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI49002\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI49002\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI49002\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI49002\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI49002\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI49002\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI49002\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI49002\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI49002\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI49002\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI49002\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 d262b8dc568b34fa0a37e37335db737a
SHA1 477338dfa2a841eaadcdeadb210ed0e9e419241f
SHA256 b11b2168de48ecb6a5daec15e1d8eebc52fa4597d174d3a55a930466f665b0ed
SHA512 ae2b0b4477d7d61c2ccbc948041e79407a140919da3dae63486e47b30ed9c041519bd3ce3cee62bc3c2ed780650abb8c54002c4197c6611af512f39da8e56f64

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/3584-493-0x00007FFE4E1E0000-0x00007FFE4E1E1000-memory.dmp

memory/3584-492-0x00007FFE4CDB0000-0x00007FFE4CDB1000-memory.dmp

memory/2388-518-0x000001A735DE0000-0x000001A735E4B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYRMdhH\extensions.json

MD5 65db68ad840b4defa2492e7ec1a0a3d3
SHA1 1b71395881a5840858b20057dc09319d4f7a6c4e
SHA256 dfa8e1a92f47b9fff0a38bcb0bfef766be0ab492457e6f2699aeb10e66d37f53
SHA512 0328f59b5dc5106d1869966b8bd845ea891f9db22ee4a752036fbd1ffeb29dfb07d17c148988ac577461b151ed2241d8b46be944b99a91e754f16a3d1467a787

memory/5104-590-0x0000023402200000-0x0000023402370000-memory.dmp

memory/3584-597-0x00000248C8A00000-0x00000248C8A6B000-memory.dmp

memory/2588-598-0x000001E06F350000-0x000001E06F3BB000-memory.dmp

memory/1212-599-0x00000186305D0000-0x000001863063B000-memory.dmp

memory/3556-601-0x000002E8BA5E0000-0x000002E8BA64B000-memory.dmp

memory/3124-600-0x0000020821660000-0x00000208216CB000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 5302a04dafaa09ae7a786e4fa22b5e67
SHA1 a030be967b20fd082fe219e3a63ff03b53852492
SHA256 e8f73335734375e634a47acdcf2dfbf843301157aaada9d3fc0d9d50b4072147
SHA512 58ec331e1363b19f8d154b002942af550c5807071d5bed07fc19336d372efaa65e8cab6559b0dbeabd9cb61e8108b1f803f20f8d58ac0a6b88b6e96f7bada01c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYRMdhH\prefs-1.js

MD5 9b757df5dc27129a73953e69e7b3b19c
SHA1 33ea9cdd6ffa676d07c5dd4348136123ebf793f0
SHA256 478bccc732a0677aa1280a8bc9e7cb79577f75e8e85d106696d1d4d3c8164d7b
SHA512 cae6cee748531e9893e6e921d32f13db4020c412729fd0ac5086caa2df45611654f6f5813a43ce3a485f656e9412c04bc979ae8c7d02173dd106b81635caee90

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYRMdhH\prefs-1.js

MD5 8fe29cab7c5d1d4723ebc75903fcfd2e
SHA1 bfa9f672712934177f439701a32b9a1b997f1f6a
SHA256 8545cf360b44b9338c9cf80efe25cfa2dd730554bd26a3e4178c0fbd7959db6d
SHA512 b3dcf4dce17bb88f0553b1672981294e698c6d6e12c02dd2e8053dc360d937482a98e467775d1ef622767193537682c694952adb65cc61d355a82fdc3adfc940

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelY7NMM\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelY7NMM\prefs-1.js

MD5 a911b415f7ef6fc3177edacb0a0c6ab5
SHA1 6f33245768b52a1456b2191fe8f68ead9095ed32
SHA256 09106badd061f5dd74879d827f1aed5e1f08aec7a7bf490711dc8cf376d33e70
SHA512 aa5de7cdbd4c0f5f70156ffa9e61f86cfd9c3a3f9d4f61f6aed69c7945b88d15a268b23835b14dd47a2e16a289e5b81e433408c5683dc98a03c4a64676abfb2f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelY7NMM\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelY7NMM\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelY7NMM\startupCache\webext.sc.lz4

MD5 852c8a0d510d3462134db0758e6cd986
SHA1 b6fe69de70a99abd5e9645570c57c5648c12817a
SHA256 712920d1d6732d1cd0ccc7e302653e6d0b0c7deb5d56b07c46e198770164337b
SHA512 8eda40285b67f224340b2c826b14f205769c3320d53521b725e48f9c5037aabd6ac78047cc91659313a9426eeebc3a1bcc61680092c1d4c584e0512c6eb5c22f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelY7NMM\prefs-1.js

MD5 6960afed06c13d8a373e966a86bdcc95
SHA1 38aefe8275fdea0a522ef34dfab0e0cd22e40808
SHA256 302e26b719f9ded3596d1a7ce32910accfc2d876c541c58f6b42e2899868440a
SHA512 9e8d54fbbfada962b47929242a88286bf901c4d62d8807864d2c91593a16abd7f6c801bc71c0372fc6500f6506135539f46b3b6ae4109d1c1d46fae36274bab3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelY7NMM\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelY7NMM\prefs-1.js

MD5 267dbce85174ec0d058c701aa1bfc8b6
SHA1 c7d3cb8b39c5eacf679615b98918f3c0ba8d3080
SHA256 06b1981311b387adb62e4e0c15da2a7cde8607aacbeec36609b8f4ede2e65a0d
SHA512 26aa4bec92cf31b4613a36d9c5ca6d84363a56cbc8e07903ea0a098e0b7a6a4bdbfc46f1e0cbaceb184828cfbde458f5d5ff72a7263aa67453116625638fd2aa

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelY7NMM\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelY7NMM\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelY7NMM\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelY7NMM\sessionCheckpoints.json

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelY7NMM\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-09 00:47

Reported

2024-05-09 00:58

Platform

win11-20240508-en

Max time kernel

296s

Max time network

310s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2148 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 2148 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 1460 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1460 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1460 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1460 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1152 wrote to memory of 1080 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1152 wrote to memory of 1080 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1460 wrote to memory of 1584 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\geckodriver.exe
PID 1460 wrote to memory of 1584 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\geckodriver.exe
PID 1584 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 1584 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3988 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3988 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3988 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3988 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3988 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3988 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3988 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3988 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3988 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3988 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3988 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe
PID 3748 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI21482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21482\geckodriver.exe --port 49999 --websocket-port 50000

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50000 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileR8ehUC

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50000 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileR8ehUC

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3748.0.622374033\187145220" -parentBuildID 20240416150000 -prefsHandle 1688 -prefMapHandle 1408 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {f1c264cf-0cde-4818-9547-bf9eb51738ac} 3748 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3748.1.1994761115\65120687" -childID 1 -isForBrowser -prefsHandle 2412 -prefMapHandle 2520 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {3343e3f6-7bd1-4c54-b9f0-8cedce7d0add} 3748 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3748.2.1786775525\2126946232" -childID 2 -isForBrowser -prefsHandle 3060 -prefMapHandle 3056 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {6d77a6c7-2001-47a9-8623-389565607abe} 3748 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3748.3.1026636637\748897144" -childID 3 -isForBrowser -prefsHandle 3276 -prefMapHandle 3272 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {56461928-416b-48aa-b275-0606e329f074} 3748 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3748.4.2126303038\1221994032" -childID 4 -isForBrowser -prefsHandle 3148 -prefMapHandle 3184 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {050b9628-5005-4166-b0a4-248cebe701a8} 3748 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3748.5.2088775030\942306529" -childID 5 -isForBrowser -prefsHandle 3896 -prefMapHandle 3900 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {52e794e6-7b48-4dc3-9023-3d1392eb4d8a} 3748 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3748.6.848222245\210089842" -childID 6 -isForBrowser -prefsHandle 4072 -prefMapHandle 4076 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {af210f39-5c08-444d-9f3c-d29aa8fc5b7b} 3748 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3748.7.1959694738\1032559792" -childID 7 -isForBrowser -prefsHandle 4400 -prefMapHandle 4404 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {e661aa7c-4fa5-4c3b-a1bd-3c30ffc68bab} 3748 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21482\geckodriver.exe --port 49999 --websocket-port 50000

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50000 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile74NRVj

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50000 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile74NRVj

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4688.0.1983005924\744723118" -parentBuildID 20240416150000 -prefsHandle 1688 -prefMapHandle 1680 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {ad764e6d-de32-4cb9-9d7b-20b45b8f47d4} 4688 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4688.1.1480849091\609521861" -childID 1 -isForBrowser -prefsHandle 2248 -prefMapHandle 2560 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {d5a8c811-9139-4735-af33-ebd00dc6d57f} 4688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4688.2.325502594\895762242" -childID 2 -isForBrowser -prefsHandle 3080 -prefMapHandle 3076 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {89169f80-01b1-4053-a301-30d3b88504eb} 4688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4688.3.1491368566\1769417938" -childID 3 -isForBrowser -prefsHandle 3820 -prefMapHandle 3824 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {5a8f0971-8b5f-4560-9748-c1bab998d485} 4688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4688.4.677957882\952698673" -childID 4 -isForBrowser -prefsHandle 4020 -prefMapHandle 4016 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {1bfb6b79-ab45-47ac-8d55-bf0d12a45b08} 4688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4688.5.999172741\1141747982" -childID 5 -isForBrowser -prefsHandle 3560 -prefMapHandle 3444 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {8452dda3-9a0f-44d6-a678-60e76d6fdef4} 4688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4688.6.1117039513\1995764358" -childID 6 -isForBrowser -prefsHandle 4124 -prefMapHandle 4128 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {f5c4037a-88dc-4278-9b6e-dd813891636d} 4688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21482\geckodriver.exe --port 49999 --websocket-port 50000

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50000 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileOIpQA1

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50000 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileOIpQA1

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1828.0.949468927\1715785286" -parentBuildID 20240416150000 -prefsHandle 1724 -prefMapHandle 1716 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {6f5b1875-d994-41d7-8641-cbdd20d37a2b} 1828 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1828.1.1457641042\1275537226" -childID 1 -isForBrowser -prefsHandle 2692 -prefMapHandle 2520 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {e2b3be32-8e8b-4a3a-a6f7-d778312718d0} 1828 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1828.2.887594242\1727741184" -childID 2 -isForBrowser -prefsHandle 3088 -prefMapHandle 3084 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {b0eff53b-e94c-4300-872f-65112e1ef2d1} 1828 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1828.3.826033758\197889858" -childID 3 -isForBrowser -prefsHandle 3632 -prefMapHandle 3448 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {0b9a16be-4c88-4fea-b6b8-4aec83b90193} 1828 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1828.4.1154347589\620690518" -childID 4 -isForBrowser -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {4e25bf4f-3af6-4a4b-8bca-7e3a9b008c2c} 1828 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1828.5.651923824\513756263" -childID 5 -isForBrowser -prefsHandle 3940 -prefMapHandle 3944 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {5f9d3569-48d0-48aa-a136-0229693f2537} 1828 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1828.6.607357270\1582957696" -childID 6 -isForBrowser -prefsHandle 4132 -prefMapHandle 4136 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {47a64a3b-5121-47b3-9b60-dbbff2fc2bea} 1828 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1828.7.1460807446\725421485" -childID 7 -isForBrowser -prefsHandle 2440 -prefMapHandle 2444 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {e5033bdd-76a5-44ee-884d-51141ce9fb30} 1828 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21482\geckodriver.exe --port 49999 --websocket-port 50000

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50000 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileV7XEUi

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50000 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileV7XEUi

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="200.0.1857216190\1235023519" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1672 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {91db1690-60f3-4536-a476-f28b2d423702} 200 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="200.1.1535697721\420751310" -childID 1 -isForBrowser -prefsHandle 2748 -prefMapHandle 2892 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {eef3de3e-9f3d-4063-969a-643ebce1b27e} 200 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="200.2.32682507\493358912" -childID 2 -isForBrowser -prefsHandle 3108 -prefMapHandle 3104 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {99c8bfb4-99ff-442a-8af6-02beced4d02f} 200 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="200.3.487721793\703027082" -childID 3 -isForBrowser -prefsHandle 3260 -prefMapHandle 3264 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {5ce36c7e-25b5-4a2b-85b8-c454c09bb238} 200 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="200.4.1955496050\334164061" -childID 4 -isForBrowser -prefsHandle 3232 -prefMapHandle 3220 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {f3a223dc-cadd-4936-a8c4-24af1e498960} 200 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="200.5.1568706916\1102784268" -childID 5 -isForBrowser -prefsHandle 3804 -prefMapHandle 3800 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {c447b349-2e06-4278-bc06-b8a66381e21c} 200 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="200.6.477492088\277728069" -childID 6 -isForBrowser -prefsHandle 3980 -prefMapHandle 3976 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {d51cc0ff-0d3f-4aea-adbc-ea6edba480b6} 200 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe" -contentproc --channel="200.7.126404870\1202024355" -childID 7 -isForBrowser -prefsHandle 4352 -prefMapHandle 2412 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\browser" - {2f75d030-c086-4cad-b9f1-6ece3d87cb1b} 200 tab

Network

Country Destination Domain Proto
N/A 127.0.0.1:50102 tcp
N/A 127.0.0.1:50104 tcp
FR 37.187.5.192:443 tcp
US 8.8.8.8:53 192.5.187.37.in-addr.arpa udp
DE 159.69.36.3:8080 tcp
N/A 127.0.0.1:49999 tcp
US 8.8.8.8:53 3.36.69.159.in-addr.arpa udp
US 172.233.152.242:443 tcp
JP 23.81.44.113:9001 tcp
N/A 127.0.0.1:49999 tcp
N/A 127.0.0.1:50208 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50216 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49999 tcp
N/A 127.0.0.1:49999 tcp
N/A 127.0.0.1:49999 tcp
N/A 127.0.0.1:50583 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50591 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49999 tcp
N/A 127.0.0.1:49999 tcp
N/A 127.0.0.1:49999 tcp
N/A 127.0.0.1:50868 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50876 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49999 tcp
N/A 127.0.0.1:49999 tcp
N/A 127.0.0.1:49999 tcp
N/A 127.0.0.1:51201 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51209 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI21482\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI21482\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI21482\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI21482\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI21482\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI21482\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI21482\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI21482\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI21482\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI21482\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI21482\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI21482\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI21482\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI21482\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI21482\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI21482\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI21482\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI21482\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI21482\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI21482\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI21482\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI21482\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI21482\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus

MD5 d262b8dc568b34fa0a37e37335db737a
SHA1 477338dfa2a841eaadcdeadb210ed0e9e419241f
SHA256 b11b2168de48ecb6a5daec15e1d8eebc52fa4597d174d3a55a930466f665b0ed
SHA512 ae2b0b4477d7d61c2ccbc948041e79407a140919da3dae63486e47b30ed9c041519bd3ce3cee62bc3c2ed780650abb8c54002c4197c6611af512f39da8e56f64

memory/5108-490-0x00007FFEFAB60000-0x00007FFEFAB61000-memory.dmp

memory/5108-491-0x00007FFEF96D0000-0x00007FFEF96D1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileR8ehUC\prefs.js

MD5 0c820fa453170eb14ac78825a1332ac8
SHA1 f081a89be50b424a1f7daf51d6ee0e2b97eeabdb
SHA256 a6d2b14e10feb0fc8f286f3f989341cc80f7699f2124111cdd87a6e7a4625971
SHA512 604995b02fa42bdbeb59a197f3e39e736503e4c49c63d92c1a3aaa10460de0b897a23b7f028090ca42679061c42ae58defaf4bf63b72eccdea3fb73fdc3812bd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileR8ehUC\extensions.json

MD5 2c49efacacfc108a1b80dc69509ce0a4
SHA1 3c95281ab4a64d646efcd32c2f9aee64e713603f
SHA256 2f705949b3acf09960e14a19283fa1622230a6de7a58b5bf283667b712e2d587
SHA512 d6cf5da37aeaa3f9600c5c1452185bbf1d84b57ebc84907912a2c3708fc90a1cca4c1f5246a8b6fd8f46325035ca2b24473a1a80a3deefaa23b7d0bde426e96a

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 5285d6b6370d1c4e2c389b65e7335a5d
SHA1 8571055e33e9bf52affab39dd3efcb2a78d1e9c2
SHA256 a4b63582cca7247f00954dc9262985df31531123ec83458162fc37cbc6e56544
SHA512 46356ba64919c88f1ef60b974e5f51fcef5a790a76bef29db2ebdf0ed680a3b68677a0f867ed2dd859fefac91733898cc7bd8d8adad4a4170ccc78e2de73561e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileR8ehUC\prefs.js

MD5 6bb6eb9d8c3baa199c343cbbe04566ed
SHA1 5d9c4e48a9fb8e17172eebfb902d85ff0d662953
SHA256 256720fb7bc3807aaac4e38adbb5a38ecd4099e382e354d7c6994598b65a00de
SHA512 084e083a05c786b3b84c55ad81f5ccfcaa3c13cc397ed97a6f50c8ddea246a7587c3b57a5f4b906afb616d4059312d2aeb6ee61a2f38f8d440d350b26a446c54

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileR8ehUC\prefs-1.js

MD5 788154b9b6806d45b027412cf61163a0
SHA1 1b4432f46a41a4b5cb3cce98687a1f164ddf8673
SHA256 9faaa8578c12a7949d9b4dd7902b1a7c2e85608781cebf2c96fedcd918ff1fa4
SHA512 93460cf7b490056c489cf5d3bd8af1e33d63fda3fafcf3791371c2d88fde61d5326c052fd786f4fbcb25d2123caca751e98f93d2548590f8f1caf3665eec9f05

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileR8ehUC\prefs-1.js

MD5 c76d33e33aa135db3b3f5f7c8c36e92c
SHA1 5685745e211a8da07578ed4b0033815284b32599
SHA256 eb688c5bdd4b061ca8d4db27ac56f26bb0a95ef10b54d1d2f7854691024194a4
SHA512 2fbea902ab44c30671aa63a90b2be40969e8ee9d590c6fd5448b4495e0f805578fb70655b855c1816f88bf201101b4b7de367d43ab01d4703dabb4b16509b0bf

memory/4688-817-0x000001FF9F0A0000-0x000001FF9F0B0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile74NRVj\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile74NRVj\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile74NRVj\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile74NRVj\startupCache\webext.sc.lz4

MD5 067fc1c0bbc7bffc98cac772218aaca6
SHA1 2729a5e45d011486b7c317f947ca59d548266eb9
SHA256 5a3b3e641b6e6b957b0b00f982d586c6025c35cec7f21c60f82789c42af37367
SHA512 0fd2e139fbd5bc367d1a6a6f1049c2f39539568bac65743b96c80cd6b5e9775aece343a2729f50183be7b5c8936616a37d415dc9163b394f924379e4a133492e

memory/4688-937-0x000001FF9ABE0000-0x000001FF9AD50000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile74NRVj\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile74NRVj\prefs-1.js

MD5 495c2cc078d3bcf6ca82e7350024b018
SHA1 62d051974960f9f125e28ba7459d2af2688544bf
SHA256 85df8f4d474ac8ebf3e255662d218231dae30d9dd5baec166f7bd78809b962cb
SHA512 f67d22641cc5d3ce993d033fe1813299573120d906757411b19fb99a62cb69a7638a9dfab3067a50605801c4e2c1eec6d9b417eea58ccba642cee4b16bb4f5dc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile74NRVj\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile74NRVj\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileOIpQA1\user.js

MD5 2ae6bc2b6cc947906f0c60f76fab5ff3
SHA1 a8742c2cc36223928e946ba8143b226e82ed13e4
SHA256 f9b74050732b02848c48dda03b1db85c64a9b601dddfc48c75a9719ff90d8199
SHA512 8e3fd81ab9ec67b6dcac80f37e5b64ca719e9e92d26f9a6fc9b2c95fc40be98ea1900537f50d33d9a681667223077200c57ee09963da8533d3772cc79f86d723

memory/1828-1172-0x000001D298020000-0x000001D298030000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileOIpQA1\prefs-1.js

MD5 311a0c9e531ac6162713a86d25317bfa
SHA1 97dd5244a07eee51f3e63171a76cda2c17826b41
SHA256 eedc94232d043fea88ec6a783a7368110989f51efc4fd6563f96897df7e18cd4
SHA512 b49029fee34fe7806d238e109bbef539329d5abb1bbda91966b07212799a4d044647b07b89b68f97a4d0b55b5a29d440ea45b7c89783999b3f1104e12fb402e1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileOIpQA1\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileOIpQA1\prefs-1.js

MD5 453b20ba49eb23ba716e5887285562bf
SHA1 ec2cc58a6cd31dea73b84c39042bb5825387fd81
SHA256 5c7e9865a5879c6f697fe85d1b76a22be9899f927ffd60c8e3b554a993ce143e
SHA512 70cc885219af33fc64210f9af34190de1bf468a3bff4d6d816e4ba6f8f30e48ac04e2aefc1e54f07775b6df0a62fd53f7712b0115b74387bfde50b9ef4715cd1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileOIpQA1\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileOIpQA1\sessionCheckpoints.json.tmp

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileOIpQA1\datareporting\glean\db\data.safe.tmp

MD5 7fba44cb533472c1e260d1f28892d86b
SHA1 727dce051fc511e000053952d568f77b538107bb
SHA256 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf
SHA512 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

memory/200-1453-0x000001D133760000-0x000001D133770000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileV7XEUi\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileV7XEUi\prefs-1.js

MD5 69fe23aa615aad9567cc6eef0d3033eb
SHA1 debbe9ff04a12aef47ef518249147dc4d5881d34
SHA256 423d25cbd017455bbe063dc02bed27c4890706789f8d131b81a57ab137d8f3fa
SHA512 19571fd46c5f2b79957c51d4b3a1234060cad4c523b2cc101997bcaf12e75f14e6f0c3e97526089608c5240a0c70ff3b42e29f47a8247340955c0d9ce3edbd12

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileV7XEUi\prefs-1.js

MD5 37ac5124ccec6ce38fca8e7ba72b3be7
SHA1 4c618b1e22f38fc4a8dad06345d19ec944bd97bd
SHA256 63c5f62440189709529e4eeb91556c94cd1d66c653d7ec03f7680a1b431232af
SHA512 ef80349f7e2c35a3f18043f24fb3717628c15ca3dde0e43e302cdae77a85efd6891dd996bf72efd32eb5519146e817fc594af48502c44b29657927cc518fca35

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 00:47

Reported

2024-05-09 00:58

Platform

win7-20240221-en

Max time kernel

300s

Max time network

302s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2364 wrote to memory of 604 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 2364 wrote to memory of 604 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 2364 wrote to memory of 604 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 604 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 604 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 604 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 604 wrote to memory of 1136 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 604 wrote to memory of 1136 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 604 wrote to memory of 1136 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1776 wrote to memory of 2972 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1776 wrote to memory of 2972 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1776 wrote to memory of 2972 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 604 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe
PID 604 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe
PID 604 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe
PID 2940 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2940 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2940 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2924 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2924 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2924 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2924 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2924 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2924 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2924 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2924 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2924 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2924 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2924 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2924 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileX4L4u3

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileX4L4u3

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.0.329432464\1407013080" -parentBuildID 20240416150000 -prefsHandle 1204 -prefMapHandle 1196 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {dd4696cc-581b-499b-88b7-4cf493fc34a7} 1276 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.1.65127858\1612147075" -childID 1 -isForBrowser -prefsHandle 1956 -prefMapHandle 2260 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 848 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {2f26c8f9-c502-4f5e-92cb-cd89af20f42a} 1276 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.2.788381448\1284998224" -childID 2 -isForBrowser -prefsHandle 1764 -prefMapHandle 1832 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 848 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {ce170adf-beae-4b08-b2eb-efd87a110ad9} 1276 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.3.240994210\1920763955" -childID 3 -isForBrowser -prefsHandle 2380 -prefMapHandle 1684 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 848 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {4c82e5bf-a8f0-4a46-862f-f8fe9dcc1934} 1276 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.4.929537982\989063963" -childID 4 -isForBrowser -prefsHandle 2716 -prefMapHandle 1072 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 848 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {fe50982b-0055-4707-88b9-2fed543927d4} 1276 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.5.1086509049\671285186" -childID 5 -isForBrowser -prefsHandle 2920 -prefMapHandle 2924 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 848 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {9ca3308d-0774-4b16-9d95-93e3c340623b} 1276 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.6.1628830497\531061041" -childID 6 -isForBrowser -prefsHandle 3076 -prefMapHandle 3080 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 848 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {68563cc4-1819-4b11-a43c-2f39463f7870} 1276 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1276.7.437703508\2042698263" -childID 7 -isForBrowser -prefsHandle 3048 -prefMapHandle 952 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 848 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {62ddf2ae-0105-4fb0-90a2-7bf7829c4266} 1276 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNFcYxX

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNFcYxX

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2120.0.349173442\1824988718" -parentBuildID 20240416150000 -prefsHandle 1232 -prefMapHandle 1212 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {89911044-9022-4c9a-95af-593819f46720} 2120 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2120.1.1161348688\1474225800" -childID 1 -isForBrowser -prefsHandle 1944 -prefMapHandle 2012 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {191fcd7b-d15d-4478-8ebc-cbd3531fa01c} 2120 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2120.2.87735543\774960044" -childID 2 -isForBrowser -prefsHandle 2296 -prefMapHandle 2292 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {b9824fb2-b238-4521-aba0-fcbb7e480084} 2120 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2120.3.997181346\1747624343" -childID 3 -isForBrowser -prefsHandle 2680 -prefMapHandle 2684 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {0a0374c9-ce0e-471c-a162-252b8019c86e} 2120 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2120.4.587866344\348868149" -childID 4 -isForBrowser -prefsHandle 1096 -prefMapHandle 832 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {c4284083-577d-4f5c-b98a-6596583c0677} 2120 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2120.5.1902794817\286843279" -childID 5 -isForBrowser -prefsHandle 2924 -prefMapHandle 2928 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {683565f5-2fff-4da2-8b68-9a6cb29e02e8} 2120 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2120.6.1603298471\247380390" -childID 6 -isForBrowser -prefsHandle 3080 -prefMapHandle 3084 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {e37219f7-a42b-41c4-aad0-187f032ab3d4} 2120 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2120.7.957421876\778018231" -childID 7 -isForBrowser -prefsHandle 3432 -prefMapHandle 2524 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {3adb69cb-dacf-42c5-b21e-f3f863b25192} 2120 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2120.8.1784248994\1546331585" -childID 8 -isForBrowser -prefsHandle 3768 -prefMapHandle 3780 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {642a7039-6840-4a2c-9877-f6ddbe468d6f} 2120 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2120.9.739927209\222125693" -childID 9 -isForBrowser -prefsHandle 3672 -prefMapHandle 3516 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {df3a299f-8e19-4c97-82bd-78e63c26b9a5} 2120 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile56bfcz

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile56bfcz

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2656.0.2141365449\1579939867" -parentBuildID 20240416150000 -prefsHandle 1224 -prefMapHandle 1216 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {03948f0d-e481-402f-8c4f-0acd839cb320} 2656 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2656.1.743923238\148991053" -childID 1 -isForBrowser -prefsHandle 1904 -prefMapHandle 1908 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 892 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {fc52ba14-71af-4686-9ea0-0223e61655e8} 2656 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2656.2.605600012\175234369" -childID 2 -isForBrowser -prefsHandle 2236 -prefMapHandle 2232 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 892 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {cd941fa1-d39a-4771-8ccd-7c2c15a4a7a6} 2656 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2656.3.1927316453\1789219543" -childID 3 -isForBrowser -prefsHandle 2464 -prefMapHandle 2468 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 892 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {eb66b583-6dac-4e2c-ab05-8a4ac884cd39} 2656 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2656.4.1301059262\1266987936" -childID 4 -isForBrowser -prefsHandle 2700 -prefMapHandle 1100 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 892 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {778e1aec-5e52-4582-b566-48e5407bba3f} 2656 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2656.5.1411737946\394695750" -childID 5 -isForBrowser -prefsHandle 2828 -prefMapHandle 2832 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 892 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {3031f81e-c153-4de1-a7b1-fe747bfc26a8} 2656 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2656.6.1730157688\394008672" -childID 6 -isForBrowser -prefsHandle 2888 -prefMapHandle 2896 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 892 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {c250d7cf-ab30-4ee3-8560-07e95839d50e} 2656 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2656.7.1533392930\1498476652" -childID 7 -isForBrowser -prefsHandle 3348 -prefMapHandle 3344 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 892 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {c7b2ba58-5ed2-4e28-ab62-fca8e98fd3b8} 2656 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2656.8.1687539123\1924856505" -childID 8 -isForBrowser -prefsHandle 1828 -prefMapHandle 3472 -prefsLen 25332 -prefMapSize 245849 -jsInitHandle 892 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {e485daa9-4be4-4037-a8ee-205b7309269b} 2656 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledt63vm

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledt63vm

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="920.0.939916526\1269341410" -parentBuildID 20240416150000 -prefsHandle 1208 -prefMapHandle 1200 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {3c725400-1f1b-4b74-862b-a2e2a0070a3a} 920 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="920.1.830395338\1684630563" -childID 1 -isForBrowser -prefsHandle 1932 -prefMapHandle 1912 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 832 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {1a9dc930-ccb1-4f41-a1d7-9dc8b75fb1cb} 920 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="920.2.1609699262\1723966660" -childID 2 -isForBrowser -prefsHandle 2228 -prefMapHandle 2224 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 832 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {a90dd3ba-f965-450c-a45e-94bfa490311b} 920 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="920.3.2029091522\1140990193" -childID 3 -isForBrowser -prefsHandle 2344 -prefMapHandle 2496 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 832 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {aad30b8b-24c3-4eab-a91a-2dbd2626d304} 920 tab

Network

Country Destination Domain Proto
DE 79.143.177.192:443 tcp
NL 192.42.116.186:9001 tcp
DE 213.133.103.134:6969 tcp
FR 45.158.77.241:9000 tcp
N/A 127.0.0.1:49514 tcp
N/A 127.0.0.1:49520 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:49673 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49708 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:50245 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50280 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:50852 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50887 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:51399 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51434 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI23642\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

\Users\Admin\AppData\Local\Temp\_MEI23642\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI23642\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI23642\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI23642\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI23642\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI23642\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI23642\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI23642\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI23642\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI23642\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI23642\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI23642\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI23642\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI23642\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI23642\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI23642\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI23642\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI23642\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI23642\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI23642\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\tmpymhrqd07\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 d262b8dc568b34fa0a37e37335db737a
SHA1 477338dfa2a841eaadcdeadb210ed0e9e419241f
SHA256 b11b2168de48ecb6a5daec15e1d8eebc52fa4597d174d3a55a930466f665b0ed
SHA512 ae2b0b4477d7d61c2ccbc948041e79407a140919da3dae63486e47b30ed9c041519bd3ce3cee62bc3c2ed780650abb8c54002c4197c6611af512f39da8e56f64

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileX4L4u3\extensions.json

MD5 5c6af90cedd57cf6641834ccf1c57516
SHA1 a619d30e3104246b8ad9eec153e885496035a222
SHA256 c86bef14fc42c73dd406a513f7cdef11a14ce241e00c3cd5be7299bc014b76fa
SHA512 cafcd99b4df2498f74d876a6c59d6f968f1c1702bfff232b0b6e52ff7b253070141c24f84be47523da685b135ee7c8add46e5fa2c3ec93a18048629778750030

memory/1276-698-0x00000000081F0000-0x0000000008200000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileX4L4u3\prefs.js

MD5 f99a7da6cdf3e27d004b8b658bb599cf
SHA1 d61e34c8a1a93969fbb30fb65b7309a2f41f6b5e
SHA256 ab79e0f48dc266b18e8910818b944f3b6d962ba291e0c3ee4397ac8d99f2d41b
SHA512 dcf6b2d60e49a36900cfc7d5da0ab7cf45853a2486feb8ad32baacedc3bfa86f8922bbde1db113db163b722a62ae7fe4e3e3a95a652dcb0442f9283f6dfcec2e

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 f593c1b6c54b36e26afea416853ec20c
SHA1 43ec3eff63c7581d4ea48cdeee6cd9be8eb5e010
SHA256 773a3dd535895771396a7c920f3df0caa9d796310a8c7c9d1979a0267fa5a19d
SHA512 c192eacd932e8f2d35bb6cb2b3ed73888f613a39eabfca8422f4a6eda0e4268463a9d442079872ee7d46d507b9aa19a37a096b60e06a1a5cd820de10d48df883

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileX4L4u3\prefs.js

MD5 769bd31f2761d996f9a5f5e1df1dc393
SHA1 6fb8a23069e54565804f9e263f52308babadfa30
SHA256 e73c60735414ff98ced789f4b16944ff4b9f27bf3f8955cb9ac36fba6aace7d1
SHA512 fcd9fdc140b4209575109220cae6921c38aafeffc47991907d809ec18608f42db4ad3bdfc656d6c8114a94a4c82beddb94d395ff46ae39777dda7bb813648097

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileX4L4u3\prefs-1.js

MD5 0978b3463e664a989164c2ad523d306a
SHA1 7004b0c32e531875b553b18d31b2a3a2421b9174
SHA256 64b6911436d3891d6aaecdd348b6b135d5e03c86559bb228232c74bb4e9e3711
SHA512 d3d5c8db7ccd43e19eb884e865160bd2bff9876e8cd1f352f29052653b05de93777a2793da324040752e85065e49fc962145d7a5e460640f6c4124f96dedc910

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileX4L4u3\prefs.js

MD5 880c900593e66c063afaa827ab0c2d96
SHA1 93a315965d243e27ba3d8820d9d65dc1eeac9050
SHA256 135c272625f1276a01c8fbd94cf75aa0ff1374a85fe27a54e253b072736726e2
SHA512 5cceaf8581f72a8b3c57ea5c8d05dad60c7ce955f5880deded4406fdf35317288e69327f0a3aefb3a4e45bb9e35f2e78bc10a6697a3b69e0cf2319e45d11e2a5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNFcYxX\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNFcYxX\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNFcYxX\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNFcYxX\startupCache\webext.sc.lz4

MD5 2f85c36683a213c55065a385dbb1c50e
SHA1 a9dfc907b7b0aacc1e56bedfb4f217cb85ee3325
SHA256 a770eb693f9a0e11681b0baeeb906cea2d2cfd3e8dc4a4fb30db7a18b5bdfd1d
SHA512 c9a36edf5b53180eed5481a2b1b26d196ee6f116b52329434d5dc096f7360b5acf61968b352ee2980589117d2b19686b99e5059ea5a449b6646c35965969cdc8

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNFcYxX\prefs-1.js

MD5 54cd0f7a259e8beaf13cc14752f3af12
SHA1 938429595ac5b22c22e5ca7278decbc8ff5741d0
SHA256 2c8d10a95c7a29e27e147448552bea1da4b7eaae97001d26e76ef8649dc74dcf
SHA512 2316fd231d176e0263d47e36f545709e5a305b81e67d22f992282b9782c24e46d4fa43f1a358476ab0363bde393e21457ee7c9b0105307adef474bcb385a4733

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNFcYxX\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNFcYxX\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNFcYxX\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNFcYxX\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNFcYxX\sessionCheckpoints.json

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNFcYxX\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile56bfcz\user.js

MD5 f5db45cdbc495536fd84d41527219a87
SHA1 da539d5780eaac9206aac223d6e44c2b536fa7ee
SHA256 b64dbd5ee2c8c6350b818caea2bf74c07dd04cf2a55319331ef353c58af430f6
SHA512 273f6c0c8d1f6051b0b3ca2b24a0f2c0ed9c522a9a24c3d110e6b9c10003a9ce41cf07508085d5f4f4b13a5f245efa5c552389427361e47dabb9ba73d2c7c079

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile56bfcz\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile56bfcz\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile56bfcz\prefs-1.js

MD5 c8a9be965b4b3fa13b6e8b64bdb2e425
SHA1 4525e1fc69ad87f987708d1e357693176feb28ed
SHA256 fadb72273735196fc621f759808bbcc10eaa8af1bf14ad758906080a35e85140
SHA512 d41862c833d680cfeea550cb4f64fe37fc9fc894568e933530ea6b494098a5937ca88939193bda37d1f55132a421d5a1d506e4249720562fab7e6eedb63c9f7d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile56bfcz\datareporting\glean\db\data.safe.tmp

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 00:47

Reported

2024-05-09 00:58

Platform

win10-20240404-en

Max time kernel

294s

Max time network

309s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1928 wrote to memory of 3380 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 1928 wrote to memory of 3380 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 3380 wrote to memory of 208 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 3380 wrote to memory of 208 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 3380 wrote to memory of 920 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 3380 wrote to memory of 920 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 208 wrote to memory of 2340 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 208 wrote to memory of 2340 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3380 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\geckodriver.exe
PID 3380 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\geckodriver.exe
PID 4680 wrote to memory of 3248 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 3248 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 3248 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 3248 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 3248 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 3248 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 3248 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 3248 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 3248 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 3248 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 3248 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 3248 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 3248 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe
PID 4664 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI19282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19282\geckodriver.exe --port 50049 --websocket-port 50050

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50050 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNNOeDQ

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50050 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNNOeDQ

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4664.0.1225641450\1196175181" -parentBuildID 20240416150000 -prefsHandle 1464 -prefMapHandle 1456 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\browser" - {d749509d-f3e3-42db-8265-5884f81d0e9e} 4664 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4664.1.1303726557\723333508" -childID 1 -isForBrowser -prefsHandle 2652 -prefMapHandle 2684 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\browser" - {cd357752-bdff-43de-bf3f-35ed4be7917f} 4664 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4664.2.1677419226\463231133" -childID 2 -isForBrowser -prefsHandle 2984 -prefMapHandle 2988 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\browser" - {7b297eaa-78e0-4b7e-b74a-c59a79965863} 4664 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4664.3.412625792\2100944634" -childID 3 -isForBrowser -prefsHandle 3320 -prefMapHandle 3312 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\browser" - {2411556b-1d13-48a8-a4a0-e5dc966d3890} 4664 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4664.4.175155503\1380518216" -childID 4 -isForBrowser -prefsHandle 3816 -prefMapHandle 3064 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\browser" - {86d2dbfd-3416-4053-abef-816cadd05ba3} 4664 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4664.5.462509589\220590486" -childID 5 -isForBrowser -prefsHandle 3348 -prefMapHandle 3448 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\browser" - {55f0c369-96de-4d30-88a5-9fa27e8586b1} 4664 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4664.6.725907177\1619112793" -childID 6 -isForBrowser -prefsHandle 4000 -prefMapHandle 4004 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\browser" - {d6609dbe-e6d4-43f7-af52-765c41a9703d} 4664 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19282\geckodriver.exe --port 50049 --websocket-port 50050

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50050 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQbnp6m

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50050 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQbnp6m

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3684.0.1438528752\1314081218" -parentBuildID 20240416150000 -prefsHandle 1480 -prefMapHandle 1472 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\browser" - {73d8dee2-e909-451e-a3db-d2078f876df5} 3684 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3684.1.1009526453\786086327" -childID 1 -isForBrowser -prefsHandle 2516 -prefMapHandle 2512 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\browser" - {0b48d7f3-1bb6-4b75-a5b6-3b663fc85c30} 3684 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3684.2.910117611\1629345190" -childID 2 -isForBrowser -prefsHandle 2876 -prefMapHandle 2872 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\browser" - {86e30e4a-af16-4381-93d6-5d2806dc4a64} 3684 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3684.3.1169905514\1336603161" -childID 3 -isForBrowser -prefsHandle 2976 -prefMapHandle 3044 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\browser" - {2d3f94e4-35e0-47b4-a70f-78d90954254f} 3684 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3684.4.1919686373\2041656053" -childID 4 -isForBrowser -prefsHandle 3668 -prefMapHandle 3664 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\browser" - {77f1cd64-f382-4768-919e-4d7c425c53ff} 3684 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3684.5.933703299\1892687767" -childID 5 -isForBrowser -prefsHandle 3784 -prefMapHandle 3788 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\browser" - {bfde5a6a-fac4-45f9-9e86-472af475e344} 3684 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3684.6.2107545081\709163042" -childID 6 -isForBrowser -prefsHandle 3844 -prefMapHandle 3848 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\browser" - {94b6ddcb-1c91-4ac7-b8f5-38de3ede764b} 3684 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3684.7.773031680\2068476364" -childID 7 -isForBrowser -prefsHandle 4188 -prefMapHandle 4192 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\browser" - {8105347a-8082-4b72-abf3-0b2578bc3323} 3684 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3684.8.497222058\1124538755" -childID 8 -isForBrowser -prefsHandle 3076 -prefMapHandle 3444 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\browser" - {2fde33b7-3107-44e9-8d39-83d633db828e} 3684 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3684.9.1244601661\645595518" -childID 9 -isForBrowser -prefsHandle 4724 -prefMapHandle 4736 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\browser" - {c7e2ebd5-6d53-41bc-8fd3-2b9dbd561734} 3684 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19282\geckodriver.exe --port 50049 --websocket-port 50050

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50050 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileK3mKI8

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50050 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileK3mKI8

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3252.0.201927000\1792747132" -parentBuildID 20240416150000 -prefsHandle 1456 -prefMapHandle 1444 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\browser" - {7cb0a471-a019-4d9a-837a-cf573011dce5} 3252 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3252.1.82340257\750350533" -childID 1 -isForBrowser -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1116 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\browser" - {728499af-bcee-445b-acd9-afe983f0325a} 3252 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3252.2.90568032\505600330" -childID 2 -isForBrowser -prefsHandle 2936 -prefMapHandle 2932 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1116 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\browser" - {0cf6114b-93ff-43a4-a04d-14b712141ad0} 3252 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3252.3.1940907759\584671784" -childID 3 -isForBrowser -prefsHandle 2952 -prefMapHandle 3336 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1116 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\browser" - {a09c10db-795e-4e8c-aa0e-28e9e653bee8} 3252 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3252.4.1536374172\304242945" -childID 4 -isForBrowser -prefsHandle 1360 -prefMapHandle 1356 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1116 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\browser" - {59a39e7c-200c-4d36-bb3d-2fc9c2c6a8ee} 3252 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3252.5.782461989\26634778" -childID 5 -isForBrowser -prefsHandle 3804 -prefMapHandle 3800 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1116 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\browser" - {e578dd87-3ddc-4c9d-a494-154637685e2d} 3252 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3252.6.785733938\7549088" -childID 6 -isForBrowser -prefsHandle 3904 -prefMapHandle 3908 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1116 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\browser" - {4827969e-c4dc-4cb5-809c-aa499407fcaf} 3252 tab

Network

Country Destination Domain Proto
FR 90.120.126.232:8080 tcp
US 8.8.8.8:53 232.126.120.90.in-addr.arpa udp
US 206.217.136.47:443 tcp
US 8.8.8.8:53 47.136.217.206.in-addr.arpa udp
DE 195.201.204.149:443 tcp
ZA 160.119.249.24:443 tcp
US 8.8.8.8:53 149.204.201.195.in-addr.arpa udp
US 8.8.8.8:53 24.249.119.160.in-addr.arpa udp
US 20.231.121.79:80 tcp
N/A 127.0.0.1:50152 tcp
N/A 127.0.0.1:50154 tcp
N/A 127.0.0.1:50049 tcp
N/A 127.0.0.1:50049 tcp
N/A 127.0.0.1:50248 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50256 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
N/A 127.0.0.1:50049 tcp
N/A 127.0.0.1:50049 tcp
N/A 127.0.0.1:50049 tcp
N/A 127.0.0.1:50557 tcp
N/A 127.0.0.1:50565 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 224.162.46.104.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
N/A 127.0.0.1:9151 tcp
DE 89.58.58.209:443 tcp
US 8.8.8.8:53 209.58.58.89.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50049 tcp
N/A 127.0.0.1:50049 tcp
N/A 127.0.0.1:50049 tcp
N/A 127.0.0.1:50943 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50951 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI19282\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI19282\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI19282\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI19282\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

\Users\Admin\AppData\Local\Temp\_MEI19282\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI19282\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI19282\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI19282\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI19282\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI19282\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI19282\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

\Users\Admin\AppData\Local\Temp\_MEI19282\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI19282\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI19282\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI19282\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI19282\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

\Users\Admin\AppData\Local\Temp\_MEI19282\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI19282\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI19282\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI19282\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI19282\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI19282\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmpix0trvnr\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI19282\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 d262b8dc568b34fa0a37e37335db737a
SHA1 477338dfa2a841eaadcdeadb210ed0e9e419241f
SHA256 b11b2168de48ecb6a5daec15e1d8eebc52fa4597d174d3a55a930466f665b0ed
SHA512 ae2b0b4477d7d61c2ccbc948041e79407a140919da3dae63486e47b30ed9c041519bd3ce3cee62bc3c2ed780650abb8c54002c4197c6611af512f39da8e56f64

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNNOeDQ\prefs.js

MD5 114d4c1d20928fe69ff0dbcbc5674577
SHA1 000783201a7db84a255382d5ec13d01bfc568fec
SHA256 5f8fe7044fbf1b9cece32fbf3d89a901475d05489b76390200d7c7999ff62a7f
SHA512 289a90200e12a804b572a51390087a751d416d6773530846eb033b1baafdf95bd9d5ca9231a60f571fcff2988210a6b52656932422acabcf6569930e545ef42d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNNOeDQ\extensions.json

MD5 b5aba701ab3d6baeff57d7ec4490bffc
SHA1 b72973b649b5dccd8aa47325210cd988cad84ebd
SHA256 6a091ccbcf6c1592ecfca8cbbea89aa38cf7d175e51d7701a62dbbcb8a61d452
SHA512 e56f5719095c8de401d381ebb7f975492a844556ccf2632ea7a0b22bdfba72d96753d4612cd40dee10ec4a226052fc2bfa22e5c2c698b2c3e969a9edde9d1460

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNNOeDQ\prefs.js

MD5 326d7eae408b463fa2cdfe9f767d2d80
SHA1 bc2fc7f984f527624d8f94b5293586c160889fad
SHA256 88fb3848ed29def7591c72fa26ff795dc6149ef6405a4fc1b5e0d67afce707ad
SHA512 82fe9779c3a1eb871c74f119a90a195e683cf509dda8585630a5c977ba19d0fbd69a1e5c1ded1b5f97e15a80b9457c14ba1102d3317021f0456a61d17b2003d5

memory/4664-582-0x00000219B65E0000-0x00000219B6750000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 a444124bf4f1cbb90f06dfde02c73c87
SHA1 6ede2d7008b162b59cd06528601540ff98dcea2f
SHA256 7e9cb003359cb48113345c84fb18c9325303a844461d479c97560e3282623e41
SHA512 8af591571f794995c3d7cc02d792145680eea2d61a7c5166d6c83636f99bb96ea81880a45b61fd3d5ce4cc565089945ccd3ea60e2db2cb22218ca82c0506ce56

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNNOeDQ\prefs-1.js

MD5 33672ea8e8b4b9413b65ebde31013f8b
SHA1 6909bd16b1d229f1264195a3ccbc9480c1c8b495
SHA256 ef4401458a8d3bf09ca2044e44657a23b3c99d10b4aef522d40c845cea2d9a17
SHA512 1979f91646ca059cba5ed711a973775376c19f2e1ce2897cbddba2aa0a0306e3d8dcfd655d8f341acee1048fb44ad51c844a053b089da82b5f21d198463e03c9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNNOeDQ\prefs-1.js

MD5 d68446cc0cc3c0399af8fc23bb686f94
SHA1 3061147a0021f17672125bfa8ce7b47d73e26c0f
SHA256 6406c32c13719b7b89858ffd0c7242e8d664f2dc62c53a250e5d1f464105f83b
SHA512 71bf8b9644330aba7760d32fdee448eb129a8908ef5422e846871a8379cb5337e3ce7a85c09c65f9351a12c83997a29d55be3fffd20ab0e16e3713c484191772

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQbnp6m\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQbnp6m\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQbnp6m\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQbnp6m\startupCache\webext.sc.lz4

MD5 ec036f467c79a89590d3ec4789ee917f
SHA1 161045f05918f4c6be74a909254ab7e90c660f34
SHA256 91d33abea0e589bdbea274afe936ae193063133b3368c50a34f892141bd15e01
SHA512 628ada291a39bd1860b0f96ca43e260e803101552d3cf3616ebebb081ac6843c3ae49eb949e9265007877a6fb5203124f7bfcd25b7dd99d8a549340fbada68b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQbnp6m\prefs-1.js

MD5 436a7163b0bd55103c17709ef891fd34
SHA1 8f952fb208752295c4c5d110e3f6de79c0da86e1
SHA256 133460584c878ec8159a8a32891141d175e86c9a41899569be70fd950a05463b
SHA512 08b6bc4850104c1a34390d5b771b0da6235f8079221601826c64cee4807a41637727d7ff1788e602b354c5cad1ad4fd5bf3e331a84b17b525fd44261fec13b73

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQbnp6m\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQbnp6m\prefs-1.js

MD5 c4b22cff9f7f7d05ff5e2ec6b2b47a6f
SHA1 e44bcf582129de25f972b0f335b46e6d8425558e
SHA256 92f6a9ee6a570d5bbb4a315ed866374eda673259e0a4dc23e18143d4de0db907
SHA512 be0e81eb5e0c7a90c872e3bbc73aff6e4667fd0760f88d0217cd989894ae174a1d8764c71ab7d86ee7440cea78a9521b601508971d316caeac26d18a6a9cccd5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQbnp6m\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQbnp6m\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQbnp6m\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQbnp6m\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileK3mKI8\user.js

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/3252-1137-0x000001E972720000-0x000001E972730000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileK3mKI8\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileK3mKI8\prefs.js

MD5 f8673c9a35c9c95883a7563952cb78fb
SHA1 d514c85d966294325fb21bfe75b1c454ce77d6a3
SHA256 939bb9b4cf61021d849f04194082316a5e5b746fd0b5f245920526a80d8009f0
SHA512 007ae8107951d80fc5997d2110ab2d9072670e586c28119c86c77f202d5ad7347c3bab0257a3e1e6af6258a12d60e14fe516a202b010310298059aec4255135f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileK3mKI8\prefs-1.js

MD5 6034f1964032ad3416541920e4c6befc
SHA1 5d174362fb911cd488c9e8f9fcb51874a6858eff
SHA256 2dc59e657c32136e8b7c3a6b57ee74eacfdea5cf0831de5c9214672c1dad2f74
SHA512 5b653f05ccb5e5463b6db9fc0c6b999e4dee405d3149a39a101e0a47215e98ba74dfb35f3ac823232bd7ff64bdafb1824912ae101791b7cade1fac8ec2fa05ff