Malware Analysis Report

2025-06-15 20:34

Sample ID 240509-a5m5magh81
Target medium.exe
SHA256 335d7d67678ff4475ee0622beef67a923e4962a034ce7ca97d6b08d9c119a3eb
Tags
evasion trojan pyinstaller
score
7/10

Analysis Overview

score
7/10

SHA256

335d7d67678ff4475ee0622beef67a923e4962a034ce7ca97d6b08d9c119a3eb

Threat Level: Shows suspicious behavior

The file medium.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

evasion trojan pyinstaller

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Checks whether UAC is enabled

Enumerates physical storage devices

Detects Pyinstaller

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-09 00:49

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-09 00:47

Reported

2024-05-09 00:59

Platform

win10v2004-20240508-en

Max time kernel

300s

Max time network

309s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39122\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3912 wrote to memory of 1220 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 1220 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1220 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 4900 wrote to memory of 4208 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1220 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI39122\geckodriver.exe
PID 5076 wrote to memory of 4628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39122\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe
PID 4628 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe
PID 2256 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI39122\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39122\geckodriver.exe --port 52740 --websocket-port 52741

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 52741 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekmFkmJ

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 52741 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekmFkmJ

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="2256.0.34680934\1969448251" -parentBuildID 20240416150000 -prefsHandle 1672 -prefMapHandle 1664 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {8a505109-09a2-46ae-a90a-bfcd3f9bdff4} 2256 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="2256.1.2055651645\760391013" -childID 1 -isForBrowser -prefsHandle 2748 -prefMapHandle 2744 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {0245e368-58a2-40b2-a6bc-cf1be5519b35} 2256 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="2256.2.1697906807\90265425" -childID 2 -isForBrowser -prefsHandle 3528 -prefMapHandle 3524 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {1f7108c9-71f8-4fdd-9fcb-71a2dcf0684e} 2256 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="2256.3.2025676182\331481928" -childID 3 -isForBrowser -prefsHandle 3600 -prefMapHandle 3252 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {0999984a-6ff1-4003-b9f2-e613154ce556} 2256 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="2256.4.239337873\831668882" -childID 4 -isForBrowser -prefsHandle 3944 -prefMapHandle 3908 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {aabe6b58-fefa-4b94-8911-486954d5b95a} 2256 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="2256.5.21852267\1426068371" -childID 5 -isForBrowser -prefsHandle 4100 -prefMapHandle 4104 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {7954dcd5-6a97-4858-a4fb-d40c569f5ff2} 2256 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="2256.6.1112600608\657945199" -childID 6 -isForBrowser -prefsHandle 4292 -prefMapHandle 4296 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {c89316f0-81b6-4573-81b1-eabe5a6fedc5} 2256 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="2256.7.1490616058\1316887330" -childID 7 -isForBrowser -prefsHandle 4640 -prefMapHandle 4644 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {f302cd39-ceb1-4374-a5c1-b4daf31652f0} 2256 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="2256.8.838447345\814917584" -childID 8 -isForBrowser -prefsHandle 4836 -prefMapHandle 2236 -prefsLen 25535 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {6d517c5a-0bf2-490c-bcd9-06977caaa3aa} 2256 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39122\geckodriver.exe --port 52740 --websocket-port 52741

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 52741 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXgiwPM

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 52741 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXgiwPM

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1552.0.60105382\768289006" -parentBuildID 20240416150000 -prefsHandle 1728 -prefMapHandle 1720 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {cb9bef0b-d0ac-4b49-886f-fd5d2b14204b} 1552 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1552.1.715259571\245293492" -childID 1 -isForBrowser -prefsHandle 2692 -prefMapHandle 2688 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {9e062823-aba7-4819-9127-8fbf93d5c41a} 1552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1552.2.642258703\325890736" -childID 2 -isForBrowser -prefsHandle 3640 -prefMapHandle 3636 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {be8e91c1-515f-48bc-a930-d6c42294e17f} 1552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1552.3.124006037\1045061246" -childID 3 -isForBrowser -prefsHandle 3672 -prefMapHandle 3656 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {5ac41188-9a01-4a67-a092-760cfcf4f0a4} 1552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1552.4.1248797852\1764464289" -childID 4 -isForBrowser -prefsHandle 1588 -prefMapHandle 1584 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {1c23796f-2939-49ba-89ed-37c9c1119a8b} 1552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1552.5.1235435929\837417623" -childID 5 -isForBrowser -prefsHandle 4152 -prefMapHandle 4156 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {38f04f22-93d6-4482-a967-9c85932e909e} 1552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1552.6.1446654419\1533670499" -childID 6 -isForBrowser -prefsHandle 4208 -prefMapHandle 4212 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {ab1578c0-e585-4928-9921-829d76e5ffad} 1552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39122\geckodriver.exe --port 52740 --websocket-port 52741

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 52741 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilem8S9Yy

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 52741 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilem8S9Yy

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="532.0.254955599\800842993" -parentBuildID 20240416150000 -prefsHandle 1732 -prefMapHandle 1724 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {c114aed4-e4d0-4379-bbd5-eb3108e1f65c} 532 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="532.1.767314309\228668110" -childID 1 -isForBrowser -prefsHandle 2532 -prefMapHandle 2548 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {35a50fb1-7413-42f7-bf45-e94ee895b096} 532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="532.2.1876795933\134896462" -childID 2 -isForBrowser -prefsHandle 3244 -prefMapHandle 3240 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {5622a265-225a-4729-b7c0-5ac5a1b03551} 532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="532.3.891722967\1411116789" -childID 3 -isForBrowser -prefsHandle 3352 -prefMapHandle 3340 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {4b19b3d2-28a4-4396-9640-a11b87b293a4} 532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="532.4.637300663\636346582" -childID 4 -isForBrowser -prefsHandle 3760 -prefMapHandle 3820 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {d24c6894-de89-479e-a992-45818495f774} 532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="532.5.1522764063\451818249" -childID 5 -isForBrowser -prefsHandle 3992 -prefMapHandle 3996 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {00c82286-64c4-4d11-9ef4-33da3bd4e95c} 532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="532.6.1555115691\2059553904" -childID 6 -isForBrowser -prefsHandle 4180 -prefMapHandle 4184 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {a7ca074f-0d11-4cfd-802e-e53959aa1abf} 532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39122\geckodriver.exe --port 52740 --websocket-port 52741

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 52741 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledDKEBC

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 52741 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledDKEBC

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="5100.0.1786863262\609734518" -parentBuildID 20240416150000 -prefsHandle 1660 -prefMapHandle 1652 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {7f237409-1398-47f4-b47a-057982b022f0} 5100 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="5100.1.760794406\786180545" -childID 1 -isForBrowser -prefsHandle 2356 -prefMapHandle 2604 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {61935e2d-fe62-44cf-8223-b7ac7ba0b60f} 5100 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="5100.2.1678207318\1399074040" -childID 2 -isForBrowser -prefsHandle 3164 -prefMapHandle 3160 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {54f1ea36-53d9-41ee-9c0d-2db374d5e793} 5100 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="5100.3.183894182\1257834217" -childID 3 -isForBrowser -prefsHandle 3656 -prefMapHandle 3660 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {ac0e307f-4083-45e8-ad67-740d35d75645} 5100 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="5100.4.119675959\1508596910" -childID 4 -isForBrowser -prefsHandle 3848 -prefMapHandle 3844 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {c8b0ea68-bd94-49c1-9176-2afa87f2559f} 5100 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="5100.5.2141613388\783792896" -childID 5 -isForBrowser -prefsHandle 4060 -prefMapHandle 4056 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {412c802a-a7ab-41df-a829-a9e4e79eaee6} 5100 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="5100.6.887714706\1905851838" -childID 6 -isForBrowser -prefsHandle 4140 -prefMapHandle 3964 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {c78dae90-1b9e-4208-9dd0-f32de8f4f11c} 5100 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="5100.7.1575885286\1676583488" -childID 7 -isForBrowser -prefsHandle 4248 -prefMapHandle 4624 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {5a80efb9-ce2e-489b-8bfb-754bb9433777} 5100 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39122\geckodriver.exe --port 52740 --websocket-port 52741

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 52741 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexX4K2c

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 52741 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexX4K2c

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="5040.0.1429176058\364099450" -parentBuildID 20240416150000 -prefsHandle 1668 -prefMapHandle 1660 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {2bffd340-a1f0-434e-92eb-88e6df30f3ef} 5040 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="5040.1.759326264\101604132" -childID 1 -isForBrowser -prefsHandle 2424 -prefMapHandle 2584 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {121e8e00-0994-4aa5-bb76-c94c1fceeab2} 5040 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="5040.2.1178897651\738227584" -childID 2 -isForBrowser -prefsHandle 3236 -prefMapHandle 3232 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {4fb396d2-cba6-4449-8e70-f4229d3e640e} 5040 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="5040.3.706225980\948058232" -childID 3 -isForBrowser -prefsHandle 3316 -prefMapHandle 3304 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {994e01b9-2fd0-4b39-a544-d4e383c09108} 5040 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="5040.4.734507186\1591873945" -childID 4 -isForBrowser -prefsHandle 3920 -prefMapHandle 3368 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {dade39e7-1758-4dff-b613-b5fb8caaafcd} 5040 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="5040.5.1753540652\2053481469" -childID 5 -isForBrowser -prefsHandle 4180 -prefMapHandle 4184 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {430e73b9-f359-4547-a6e7-ce3fdcfb1f90} 5040 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe" -contentproc --channel="5040.6.195479025\413807405" -childID 6 -isForBrowser -prefsHandle 4256 -prefMapHandle 4260 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\browser" - {b2130310-8dd1-4b0b-903d-57546e4f4da1} 5040 tab

Network


Files

C:\Users\Admin\AppData\Local\Temp\_MEI39122\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI39122\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI39122\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI39122\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI39122\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI39122\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI39122\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI39122\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI39122\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI39122\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI39122\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI39122\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI39122\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI39122\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI39122\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI39122\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI39122\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39122\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39122\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39122\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39122\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39122\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmpkorghjk_\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI39122\Tor Browser\Browser\firefox.exe

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekmFkmJ\extensions.json

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekmFkmJ\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXgiwPM\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXgiwPM\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXgiwPM\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXgiwPM\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXgiwPM\startupCache\webext.sc.lz4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXgiwPM\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXgiwPM\xulstore.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilem8S9Yy\user.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilem8S9Yy\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilem8S9Yy\startupCache\scriptCache-child-new.bin

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilem8S9Yy\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilem8S9Yy\broadcast-listeners.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledDKEBC\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexX4K2c\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexX4K2c\WebDriverBiDiServer.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexX4K2c\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexX4K2c\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexX4K2c\prefs.js

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-09 00:47

Reported

2024-05-09 00:59

Platform

win11-20240508-en

Max time kernel

285s

Max time network

307s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2108 wrote to memory of 976 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 976 wrote to memory of 480 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 976 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 480 wrote to memory of 248 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 976 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\geckodriver.exe
PID 1948 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1860 wrote to memory of 4072 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 4072 wrote to memory of 3704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI21082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21082\geckodriver.exe --port 50013 --websocket-port 50014

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50014 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYMqj6C

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50014 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYMqj6C

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4072.0.1667839679\1900313257" -parentBuildID 20240416150000 -prefsHandle 1696 -prefMapHandle 1688 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {afd39247-df28-417b-93cb-86afbb87c229} 4072 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4072.1.1188065216\115897765" -childID 1 -isForBrowser -prefsHandle 1256 -prefMapHandle 2872 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {75047eef-e59f-4c1b-b126-0cac6efda857} 4072 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4072.2.2143763796\671537661" -childID 2 -isForBrowser -prefsHandle 2340 -prefMapHandle 2492 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {34092d67-906a-4789-b92e-d4905fffe774} 4072 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4072.3.2129532755\360488905" -childID 3 -isForBrowser -prefsHandle 3440 -prefMapHandle 3456 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {86ae520d-d7dd-4d1c-ac42-61196e1248f3} 4072 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4072.4.991432849\1652761754" -childID 4 -isForBrowser -prefsHandle 3800 -prefMapHandle 3796 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {d337b71c-7b2c-47c4-9628-2c4b2331da08} 4072 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4072.5.563145641\1676230522" -childID 5 -isForBrowser -prefsHandle 3164 -prefMapHandle 3176 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {5b549b58-3ae4-41e0-96de-77b4f669ff65} 4072 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4072.6.729634626\1439821243" -childID 6 -isForBrowser -prefsHandle 3952 -prefMapHandle 3932 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {91a2e4ce-4cc5-4c07-900f-e131d4577582} 4072 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21082\geckodriver.exe --port 50013 --websocket-port 50014

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50014 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile39nIOC

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50014 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile39nIOC

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4064.0.1935954343\58057578" -parentBuildID 20240416150000 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {b4cfae19-3116-4385-8b9b-7f6da94dd23d} 4064 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4064.1.2099500615\361503987" -childID 1 -isForBrowser -prefsHandle 2412 -prefMapHandle 2440 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {118abc45-b9b3-47b5-a6fa-86e3fd20c6ab} 4064 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4064.2.1872968177\1325413894" -childID 2 -isForBrowser -prefsHandle 3068 -prefMapHandle 3064 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {9b1c5ad2-2370-4321-b7be-2a0ce05226ea} 4064 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4064.3.497266994\984446038" -childID 3 -isForBrowser -prefsHandle 3776 -prefMapHandle 3772 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {941b13e2-cedd-41b9-9bd9-e2d76ec2c75c} 4064 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4064.4.1143435197\728609672" -childID 4 -isForBrowser -prefsHandle 3820 -prefMapHandle 3816 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {a4e71410-a630-41b3-8ca9-5f2cceee3841} 4064 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4064.5.1130646998\836676647" -childID 5 -isForBrowser -prefsHandle 3960 -prefMapHandle 3956 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {cb640681-1858-4337-8742-4da75ffe7ab2} 4064 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4064.6.2135100879\1745534515" -childID 6 -isForBrowser -prefsHandle 4088 -prefMapHandle 4092 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {628d30eb-6f17-45a2-aa43-6696d6e05d1e} 4064 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4064.7.285949647\755489458" -childID 7 -isForBrowser -prefsHandle 4500 -prefMapHandle 4496 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {53d136f6-620a-4d7f-8134-a739a4dfc916} 4064 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21082\geckodriver.exe --port 50013 --websocket-port 50014

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50014 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCsE6sn

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50014 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCsE6sn

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1500.0.1293218661\674937345" -parentBuildID 20240416150000 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {c8bb2656-9725-4c13-b946-1e44e0f24552} 1500 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1500.1.715736450\120029808" -childID 1 -isForBrowser -prefsHandle 2736 -prefMapHandle 2732 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {b372df05-cb31-4fe5-82cd-6707c2d6e313} 1500 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1500.2.1126188205\525305856" -childID 2 -isForBrowser -prefsHandle 3252 -prefMapHandle 3248 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {1cd24f71-c784-4ac3-82af-f1c64322b7b2} 1500 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1500.3.407903849\888929269" -childID 3 -isForBrowser -prefsHandle 3124 -prefMapHandle 2984 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {65ef8a4e-250d-4652-b586-203592197318} 1500 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1500.4.1793964136\35847199" -childID 4 -isForBrowser -prefsHandle 3816 -prefMapHandle 3124 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {fcb0ef8f-5829-4bc4-952c-6a40f2903022} 1500 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1500.5.576232491\1557456837" -childID 5 -isForBrowser -prefsHandle 3004 -prefMapHandle 3000 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {99833da7-8817-4d88-9ebc-e4fac2cb60f9} 1500 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1500.6.753853106\899245958" -childID 6 -isForBrowser -prefsHandle 3264 -prefMapHandle 3428 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {2c524a63-0ab3-4d73-86b9-55057402b863} 1500 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1500.7.1516010336\132794371" -childID 7 -isForBrowser -prefsHandle 4508 -prefMapHandle 4512 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {4eb2a1b9-9c86-491b-a0bb-ae73349b81e0} 1500 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1500.8.1904110864\784038710" -parentBuildID 20240416150000 -prefsHandle 4500 -prefMapHandle 4472 -prefsLen 27362 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {1c23c71b-c62e-407d-84b2-94186c843001} 1500 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1500.9.1271220856\1059181986" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 4620 -prefMapHandle 4668 -prefsLen 27362 -prefMapSize 245849 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {7bb7277f-e308-41d7-bd0e-b04a2ddb6f57} 1500 utility

Network


Files


Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 00:47

Reported

2024-05-09 00:59

Platform

win10-20240404-en

Max time kernel

300s

Max time network

313s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16162\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1616 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 2596 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 2596 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1560 wrote to memory of 3868 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2596 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI16162\geckodriver.exe
PID 2968 wrote to memory of 4120 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16162\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe
PID 4120 wrote to memory of 620 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe
PID 620 wrote to memory of 696 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI16162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI16162\geckodriver.exe --port 50046 --websocket-port 50047

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileES6Vw2

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileES6Vw2

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="620.0.1787650000\1053329419" -parentBuildID 20240416150000 -prefsHandle 1432 -prefMapHandle 1420 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {8d498020-cdfc-4884-af22-913bb47e95e9} 620 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="620.1.1988875539\1739645198" -childID 1 -isForBrowser -prefsHandle 2580 -prefMapHandle 2588 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {333b0c6b-42df-4e87-ab5c-cd1b620904da} 620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="620.2.1716284232\244725611" -childID 2 -isForBrowser -prefsHandle 3052 -prefMapHandle 3056 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {34773363-8091-4251-be0f-c6edd27c70f3} 620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="620.3.1559841128\1776429466" -childID 3 -isForBrowser -prefsHandle 3296 -prefMapHandle 3292 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {a32c81b6-fd50-4bf4-96f6-d85de0979e31} 620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="620.4.1420970833\1576455095" -childID 4 -isForBrowser -prefsHandle 3676 -prefMapHandle 3296 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {5ae3ddb0-d279-4a2c-993a-4634725235f2} 620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="620.5.768601052\1062064597" -childID 5 -isForBrowser -prefsHandle 3800 -prefMapHandle 3804 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {765b47a7-b3b6-4b63-b101-6293f5767e91} 620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="620.6.1219011596\1535012788" -childID 6 -isForBrowser -prefsHandle 4064 -prefMapHandle 4060 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {adf11128-a739-48bb-877d-16eac334c652} 620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI16162\geckodriver.exe --port 50046 --websocket-port 50047

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFzV003

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFzV003

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2176.0.1463460450\385737240" -parentBuildID 20240416150000 -prefsHandle 1484 -prefMapHandle 1472 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {7e0faab8-efde-4e0f-a95a-a56c88f31a3e} 2176 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2176.1.1996533803\1982628456" -childID 1 -isForBrowser -prefsHandle 2448 -prefMapHandle 2464 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {3d07205f-34d9-4c62-8ebf-4645decf6abd} 2176 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2176.2.1482483801\1879136358" -childID 2 -isForBrowser -prefsHandle 2940 -prefMapHandle 2936 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {6c024e26-7b84-4013-89f9-07cede2d745d} 2176 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2176.3.462883981\1029159528" -childID 3 -isForBrowser -prefsHandle 2060 -prefMapHandle 2944 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {9584b667-9a2f-4de0-b5d2-564d51093643} 2176 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2176.4.2089419956\676718800" -childID 4 -isForBrowser -prefsHandle 3012 -prefMapHandle 3020 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {490b97de-2e84-4ca0-b8f1-50f2f7907f58} 2176 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2176.5.1586440455\742279561" -childID 5 -isForBrowser -prefsHandle 3884 -prefMapHandle 3888 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {ae61c936-8377-41da-9ee6-3c7febc0d370} 2176 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2176.6.1287936834\41847391" -childID 6 -isForBrowser -prefsHandle 4044 -prefMapHandle 4040 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {95643bd0-1cca-4896-a3f3-929f7cd16a4b} 2176 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2176.7.1143138068\1392555627" -childID 7 -isForBrowser -prefsHandle 4308 -prefMapHandle 4312 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {73cd5d8b-aa77-42fa-8bca-771b4a64a2b5} 2176 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2176.8.62207067\5909686" -childID 8 -isForBrowser -prefsHandle 4656 -prefMapHandle 4520 -prefsLen 25412 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {2965672f-e461-407c-a07f-11a65ee4d2d6} 2176 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI16162\geckodriver.exe --port 50046 --websocket-port 50047

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile99J382

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile99J382

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1484.0.615216291\442598601" -parentBuildID 20240416150000 -prefsHandle 1464 -prefMapHandle 1440 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {35417020-1fec-4161-8dbf-4bf672a70e4c} 1484 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1484.1.1779296698\1064019771" -childID 1 -isForBrowser -prefsHandle 2220 -prefMapHandle 2604 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {bca81a23-96b2-47e0-b57e-f827b7c4c5d0} 1484 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1484.2.898118022\720435418" -childID 2 -isForBrowser -prefsHandle 2960 -prefMapHandle 2956 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {31e79742-37ed-4073-9e3c-4f8b85dae1e9} 1484 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1484.3.877049890\696214284" -childID 3 -isForBrowser -prefsHandle 3644 -prefMapHandle 3648 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {53b8f9b7-c1a9-4715-ac52-68568b56af65} 1484 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1484.4.1944287843\116107119" -childID 4 -isForBrowser -prefsHandle 3076 -prefMapHandle 3088 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {8b9701f4-7adf-44e6-a1b7-ae71ccfc9646} 1484 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1484.5.268429210\1617857415" -childID 5 -isForBrowser -prefsHandle 3280 -prefMapHandle 3236 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {7f51659b-92d4-4183-bc1c-1d59ff5e6bea} 1484 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1484.6.1856856954\1417417573" -childID 6 -isForBrowser -prefsHandle 3308 -prefMapHandle 3324 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {64d26b8d-b832-4c0a-a483-b9101857cbb9} 1484 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1484.7.2118621897\2038628055" -childID 7 -isForBrowser -prefsHandle 4344 -prefMapHandle 4264 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {08c96838-5e7d-49d4-8048-76c4bb02ef34} 1484 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI16162\geckodriver.exe --port 50046 --websocket-port 50047

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIix0Cp

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIix0Cp

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2796.0.967586639\440087457" -parentBuildID 20240416150000 -prefsHandle 1476 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {f0c2ea1d-8bc1-4fe1-9b03-e8acf51cbc44} 2796 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2796.1.1089776264\594601673" -childID 1 -isForBrowser -prefsHandle 2484 -prefMapHandle 2480 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {3483aa56-f0d4-44bc-8237-70760ece479e} 2796 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2796.2.393649970\809412738" -childID 2 -isForBrowser -prefsHandle 2948 -prefMapHandle 2944 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {84b2fc26-ef8c-4e04-86c9-2230ac564575} 2796 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2796.3.1371266686\1475056751" -childID 3 -isForBrowser -prefsHandle 2956 -prefMapHandle 3352 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {5d5db728-0a40-4ec5-96c4-bb20bf82e2fc} 2796 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2796.4.342829706\1541100531" -childID 4 -isForBrowser -prefsHandle 3020 -prefMapHandle 2956 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {4fd3c4c8-78f1-4927-a21a-e709beda249a} 2796 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2796.5.1546516267\562876615" -childID 5 -isForBrowser -prefsHandle 3744 -prefMapHandle 3748 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {fd95dc97-d5da-406c-8450-e4223cf655f8} 2796 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2796.6.704647427\60812761" -childID 6 -isForBrowser -prefsHandle 3924 -prefMapHandle 3928 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {e9d23503-04ae-4e3a-bdf8-71a064225cbf} 2796 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2796.7.25624646\507407079" -childID 7 -isForBrowser -prefsHandle 4420 -prefMapHandle 4416 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {e693665e-7dba-4f69-9591-ca110a5b6cdd} 2796 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI16162\geckodriver.exe --port 50046 --websocket-port 50047

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVh70F6

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVh70F6

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4832.0.1030243935\1451687860" -parentBuildID 20240416150000 -prefsHandle 1476 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {6aa51f72-06dd-4393-8397-30bddbe69568} 4832 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4832.1.619779803\1935997520" -childID 1 -isForBrowser -prefsHandle 2616 -prefMapHandle 2260 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1156 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {860e34db-efa7-4cbd-a707-00fde28d8b42} 4832 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4832.2.982050320\190221945" -childID 2 -isForBrowser -prefsHandle 2956 -prefMapHandle 2968 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1156 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {7e7277bf-c0b1-411b-952c-907a4f44c30b} 4832 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4832.3.811476947\132446734" -childID 3 -isForBrowser -prefsHandle 3400 -prefMapHandle 3384 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1156 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {4ad43863-8298-4d0b-afd5-1c69390ff272} 4832 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4832.4.2121769733\1853616034" -childID 4 -isForBrowser -prefsHandle 2904 -prefMapHandle 3444 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1156 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {b8256222-3e6e-4fe9-9148-6ae6fa8d1503} 4832 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4832.5.1828324254\1426401119" -childID 5 -isForBrowser -prefsHandle 3796 -prefMapHandle 3792 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1156 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {e56a3311-b2bc-4d51-bd9b-126f38885a3b} 4832 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4832.6.92212151\787042152" -childID 6 -isForBrowser -prefsHandle 3692 -prefMapHandle 3352 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1156 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {b518218a-5dd7-4071-a378-1d55d1660523} 4832 tab

Network


Files

\Users\Admin\AppData\Local\Temp\_MEI16162\VCRUNTIME140.dll

\Users\Admin\AppData\Local\Temp\_MEI16162\libffi-7.dll

\Users\Admin\AppData\Local\Temp\_MEI16162\_hashlib.pyd

\Users\Admin\AppData\Local\Temp\_MEI16162\libssl-1_1.dll

\Users\Admin\AppData\Local\Temp\_MEI16162\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

\Users\Admin\AppData\Local\Temp\_MEI16162\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmp1ya7kta4\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

\Users\Admin\AppData\Local\Temp\_MEI16162\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

\Users\Admin\AppData\Local\Temp\_MEI16162\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

\Users\Admin\AppData\Local\Temp\_MEI16162\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

\Users\Admin\AppData\Local\Temp\_MEI16162\libcrypto-1_1.dll

MD5 78f7f01391d3b2e4449b299512a2506d
SHA1 a282b3b8b05d886a3a936550c4ef81c519f875ba
SHA256 657dcbfe240b176f6306055c4631ed9c1567b08fdbef44bf739ac2d3a3afa392
SHA512 12ed0f3a92248fa3621eaa7d9c103c11fe1efb13465a6fbb5579e6774ecdd8dff9852e16c5463fb7e5d2d439307291481620a104e772738e23a44281b49e1ddb

C:\Users\Admin\AppData\Local\Temp\_MEI16162\top-1m.csv

MD5 11136fa0eb32dbafb2979b5c07816a51
SHA1 783b6bba1043b11a3850ba5c922e39bb1409d094
SHA256 98c29fb0f6ecdff973c17b62389b8892a69bda49e2dd0c0ca888ebf4ae1f322f
SHA512 3f20d5d0f977dc1661bdf98394674ac5c3b1d85873d6ddc1c2a430ae2d0d46d517473c9884e60474093dcac5436d8aab64d98c0e56532edc49b449822aecec49

C:\Users\Admin\AppData\Local\Temp\_MEI16162\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

MD5 6590580b74d5edf3a3a2119b91aeb9e2
SHA1 94770a80c7c56fde1ac5fdf3b1e44843e0e4a1b5
SHA256 56d75a26d063ed37ec00abf89e098194cf47b04fc28962e39a2adb80ce3f984a
SHA512 dca743e9352ad80f6983dd9c5ddfffb06fc6e74470df29912975252a51b251788e84a3b8d7d52ff97306c4ed3a0cd4008e5a2e0b59e9d8e55f066795305c307b

C:\Users\Admin\AppData\Local\Temp\_MEI16162\nss3.dll

MD5 994bfc2fc10158225503b93c393502ce
SHA1 66026e54aa8b516df5363571774dc234da41be9a
SHA256 0f24198a691bf78dbc6e6d69698307c9f9834dd7615f96508204d365fee188e1
SHA512 2233393819136e00ed4d0ba4af07528d6a73e0dce0b85793479fa500f03d3e55820618428d2b85af6c316726593c1c056964adf5823ab4135a236bc3801b6abe

C:\Users\Admin\AppData\Local\Temp\_MEI16162\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI16162\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI16162\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI16162\geckodriver.exe

MD5 0c5db0eb17c8d3d150f83fe1f6f1cdac
SHA1 c4ec34bd1ddfa10b7f9573bd8b78e2156df072a9
SHA256 12fc60109b5babb7220ae9b1ba044c03362c14571ddbc0cdbf862b9cf099b716
SHA512 5a7312adc507ac1c59ae543d06a943f01214b7e417e9f992beea3a3b782480c8806e42afa96e8eb66ce394a2b6b47052260ed0b509d08e7db0a64f493e85aee7

\Users\Admin\AppData\Local\Temp\_MEI16162\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

\Users\Admin\AppData\Local\Temp\_MEI16162\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

\Users\Admin\AppData\Local\Temp\_MEI16162\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI16162\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

\Users\Admin\AppData\Local\Temp\_MEI16162\python38.dll

MD5 a2d1ef944a3b2ece9251bdd4528d71be
SHA1 5d422a39b769cddf186e36eba348a5382bb81ab2
SHA256 59e24582777846f7b5eb952b08a2346801ae20674f0d18a65c0d415095b8e543
SHA512 abcfad3bb39d143bd56d350d83a4c9ded669504ab89e5d860862e04801e419cc96d8169d1df320a69a97f13ea6f919a34c68098c3d563cb9eccc6f7c9a978828

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 d262b8dc568b34fa0a37e37335db737a
SHA1 477338dfa2a841eaadcdeadb210ed0e9e419241f
SHA256 b11b2168de48ecb6a5daec15e1d8eebc52fa4597d174d3a55a930466f665b0ed
SHA512 ae2b0b4477d7d61c2ccbc948041e79407a140919da3dae63486e47b30ed9c041519bd3ce3cee62bc3c2ed780650abb8c54002c4197c6611af512f39da8e56f64

memory/620-505-0x0000023B80D80000-0x0000023B80D90000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileES6Vw2\extensions.json

MD5 3ef0c59cc7ed0785ebb0832f5fe67545
SHA1 259db98b6b8ce723c97bc245e48f908bd1c493e7
SHA256 280f41034667694042f1f91fad843ef3623287f5f1fdc024fb4f01863d27d263
SHA512 180ce01a89d3fbe5cafd8006ce9a0707b997760fda0455792b0dd8aee1de57a6f948307f7166e629e0e02afd9e269e30fbe47046f8d63fd7d9865b82e5ec3b08

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileES6Vw2\prefs.js

MD5 9e4254f91231cbb33cc8267fb187c5a3
SHA1 9445f46db56d0781767cd11a47a68b05341485c1
SHA256 e72e7ab9fd50b5dbaed939fc1dbf8969020a0ba32f40286e0b91d146c2a7b5f4
SHA512 adcc898262e933aade75f0c1b2bc31417f3b1c4352f48a65a2133bec927c9374cdd2941cdbcbfcb42c0ff7ba38a49892a44c25616bff96bb5b54cf3748fa8970

memory/620-559-0x0000023B83320000-0x0000023B83330000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 3abe2cec15d23828f3e5e875d6d3a409
SHA1 708f80eb3722f5c7c6a413fbd82c73f0749d2ef1
SHA256 e40e8732e032ffdcd2cc2d85d5e64e4ade67b4e3719e44c664fe1ed41661caf4
SHA512 592289f9ede877d179b1e5ccd354dd8b4a3f89e8d5dde880ef1facfa2d490190a9aefde05d937a07354f979385f726491ad9c8aeb0722cb28f1a44c306693aa6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileES6Vw2\prefs.js

MD5 14013e5a33495c3e761b5d1ca46a81a6
SHA1 d1808097b83a994f8eb19164872290cd83fdb134
SHA256 f3e7f1fd12b1171362fd10d2d2c82f718f9a1af05e35de673e82edfc6ce27dd7
SHA512 c6a1faf27c7b7559e065aa65aad8bdf10f2221edbbd3a272f40681699b7fe2b8878d6f4dbca3a0c8f37369b9a6af1f27fb12c69ba24eaa403bf69ec01677bc12

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFzV003\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFzV003\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFzV003\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFzV003\prefs.js

MD5 2e9c6609b4d83c547f94d78ae6348606
SHA1 8f27db39afb2069af6c2c5c00fc226edbe4d8445
SHA256 9f1bc67d862bfdae503c37539d63876f9df6a7fb25ea48e8f4b9c7f3ae190e04
SHA512 5d40d90a5f398e1823d63145550680e9b4f023c0fc5a781d6e2d6861819fa32b984fc0456e28175592ccee5635a0e2a2332eb56a88980f92e334077af41b7d90

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFzV003\startupCache\webext.sc.lz4

MD5 bc39069dc7cab0b5a21ef2c58330a937
SHA1 4aa5c49f13b6824b4e5db640ddbb4126f0efe97b
SHA256 9a4f5242431a90346080f44c99a9611993096243c7f94ecc455a3fd6c518d997
SHA512 1ab6eac42e769e0481a5a9b67aafc251f0e114b833d368fa7ac4ae2d8958b96ffbb1d1d358fac98860702268f6254f5dc20ab6ac31430dd32d561d48a98a9bb5

memory/2176-862-0x00000208AC230000-0x00000208AC3A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFzV003\prefs.js

MD5 2d4b4e59efb7047241821d98efe480a1
SHA1 0917f1afc36f1420c2e9d46911ff244fddce05fc
SHA256 a4d5fa38fd78e401ec9979a5bc244bdbae5a5da6248b5cbf9e211e93d04867f1
SHA512 77b2376d484afb902edd76ed60a3be43f350c29dc0d3e05de92131dfe30b3cf47eb10957f599ee52f0e4e7705a44216b3fd38527995bc3b17b5e34c36f3f7a3a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFzV003\prefs.js

MD5 c1d4818fba12471792e3a006e058c47d
SHA1 7c443e508e47b46f2b95b7ec4a1a2809558bac8e
SHA256 6a0f944c166fbd71bf90531af556453b56d935afeae762c9ab9355d2b12a2c84
SHA512 97a0e3c82ea75f27d0e30df7af34979d5600ba237a579a0eb16ec43dea9b6098d124bc3ea86dd65c92c81ed333d7f2524f65698c1da7dcc569d1ea14c6cdbdce

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFzV003\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFzV003\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFzV003\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFzV003\prefs.js

MD5 00b32545602b080bf6cc3a96e9ac25a3
SHA1 96b4152327bf8acbc3373e809b451e106e4412f2
SHA256 64d0cd5770dc1142c38aa5b175ac0ebf80f0c8c87a6829b7e20298d327a5696c
SHA512 6ee46c104d050f3918e7fb993e8ab01dc81edaeede770d99ef64e2cb0fe0aaac559a7e6bcb01d12202a36158009127747ee257c41667211fd692e0d141154433

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFzV003\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile99J382\user.js

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/1484-1123-0x0000021B37220000-0x0000021B37230000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile99J382\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile99J382\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile99J382\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile99J382\prefs-1.js

MD5 8b204ba56a7dbd7a66cd0ea90b0c83f9
SHA1 3fb9fcfb1c3a47a4818d8ca611d8cd174211032f
SHA256 1853165a78bd199e0cf7b8afbf3ee437dfd3dd573431594b6f854be6ff6cfaff
SHA512 fe4c263caabed2adf7f0ede2867067c1e99e3038337cc859e60329be59a23deb2fcac1b544f45577004b3ac814175af0fb935b68ffb9fd495a1ede362028dc2f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIix0Cp\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

memory/2796-1374-0x000001D40BB20000-0x000001D40BB30000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIix0Cp\prefs-1.js

MD5 c325435ebe414f16b5d7dc6968a3716b
SHA1 120506fd4e275d1c965d63f852b65e7477adbe0f
SHA256 47afe3c9e3f7c84a58004600d103625a9f2dc33da09d5bdd2ae699b94450088b
SHA512 e5ac8adb7b6f0810a8c62a85677dde21f6c9b3290c34b86d8f9ca844ef0abda14b0bf86bdc2fa77e80abe7a0f956a1e3db63dd19daeb075ee94fba0c71bd1c95

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIix0Cp\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVh70F6\compatibility.ini

MD5 1606f83a02f6295277ad0ae55801ce91
SHA1 a7758b6fc6c825fdc7b870ea13d5d1059e8a0c7e
SHA256 64073b37c9a826a26ccd16bb724595fa72ff8c153b4dd901db86be74236c7a14
SHA512 4d8f0cd3ca3b66d09451267e7bc5b2cceca5aa380a302224f0936845769d9f4d7007d0825050e32713d7f259901d0a535e7a2f3f685f52f479007a645c199477

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVh70F6\WebDriverBiDiServer.json

MD5 27e12c95bbf5178e8424869e57c407f2
SHA1 1f2b192b49e182e7ce846d289c32d2140acfad65
SHA256 9ccb245f7b550cd8ae8592a1e71fcd8746854f8a297255c8e7d1d6a5e6ecc654
SHA512 6dc2e1692b632256fb77756a81f33c9b5bdb2877973d32af7a1a582217043c1889343e3ae3b58e7a2ac9482039993e1f41890f0e040403a7eece71b090aea940

memory/4832-1637-0x000002AB874F0000-0x000002AB87500000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVh70F6\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 de8869ba5cdfdb35b58391b9ad4bc151
SHA1 285d1d8eb4973958e64d6e4af23905a64e073238
SHA256 5c72000e7a24e414db107cf3cfca2bc1718a96fa0cc51d20d3ca6807c24e7ea1
SHA512 12ec569c4444ee99b67fa30826eeed21da0f3cf196b43955756f8db791d4a12f7d77acb09c463d9dcd800a1252e7a39f2ec00bcfb2b788d086bf52acb864c554

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVh70F6\prefs-1.js

MD5 4a925c03d9c723358ceca5e589b6b906
SHA1 e921613bc3056aded17ab526b154f21787fb2dd3
SHA256 f6494a3a22242fc6a89c4f602979da4ac5212f03996c99e6998e7b407b43f89d
SHA512 da3e3d99f6ba220dfd6da5d2689aa91ad11ad575b3f389986356a9713969efbdeccbc7f43cf3076e41bed7a1182672f537765b32131ba869c988b1b359ed13d4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVh70F6\prefs-1.js

MD5 71d0ea96a9be65e57fd73324b7b04840
SHA1 16d2837078b90a88779cdffc99650b7ffa44fd19
SHA256 4ca63b87af198114676291d98abdd3009487b601c8c0e70e2972d393aa89fcaf
SHA512 2e1d5a5b8ec23c8d09fa0659b9ffbcf6d4aad8809a368b37cdd24b00f9424619d0e00ecf4b6c731358711841a038aabea940b2438386de2ec5e8b7df2b5d6d94

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 00:47

Reported

2024-05-09 00:59

Platform

win7-20240215-en

Max time kernel

222s

Max time network

273s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI20082\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI20082\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2008 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 1616 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1616 wrote to memory of 2228 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1156 wrote to memory of 1040 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1616 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI20082\geckodriver.exe
PID 2552 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\_MEI20082\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe
PID 2716 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe
PID 2756 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI20082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI20082\geckodriver.exe --port 49466 --websocket-port 49467

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYwB0OU

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYwB0OU

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2756.0.1093787863\344723232" -parentBuildID 20240416150000 -prefsHandle 1200 -prefMapHandle 1192 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {7f732668-6851-438d-8097-066ee3228850} 2756 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2756.1.51570712\1936928741" -childID 1 -isForBrowser -prefsHandle 1876 -prefMapHandle 940 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {2b8798ac-5a9e-449c-9fc9-f09d90f73497} 2756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2756.2.1323443486\1889476192" -childID 2 -isForBrowser -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {cef66412-66c1-41be-a36b-1a9b83f19c60} 2756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2756.3.1941282722\422041078" -childID 3 -isForBrowser -prefsHandle 2412 -prefMapHandle 2500 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {bc0a6208-9174-4160-8fdc-2404490b92ef} 2756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2756.4.1590138682\350985174" -childID 4 -isForBrowser -prefsHandle 2780 -prefMapHandle 2784 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {ea44114a-9fda-4825-ab38-79b87be5a4da} 2756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2756.5.1858902183\1424797652" -childID 5 -isForBrowser -prefsHandle 2856 -prefMapHandle 2860 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {0b4a3284-9fcd-4cfc-8cc4-dbaa5d3a3f64} 2756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2756.6.656222342\1037848432" -childID 6 -isForBrowser -prefsHandle 3012 -prefMapHandle 3016 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {aae68b71-cdff-4b83-b617-95c34ce510e3} 2756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2756.7.566645761\415712798" -childID 7 -isForBrowser -prefsHandle 3308 -prefMapHandle 3316 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {143fb4b3-6f39-4be2-8c37-2460ddc893df} 2756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2756.8.1348030268\999208515" -childID 8 -isForBrowser -prefsHandle 3572 -prefMapHandle 3408 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {6c29a792-c96e-4a3a-805f-38b417f79ae7} 2756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2756.9.1651141165\772772321" -parentBuildID 20240416150000 -prefsHandle 3744 -prefMapHandle 1276 -prefsLen 27720 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {55036236-4e77-417b-b43b-cef106454b54} 2756 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2756.10.1687602628\131233856" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 3732 -prefMapHandle 3736 -prefsLen 27720 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {e56bffb7-aeed-4e75-bf17-d35732f5050f} 2756 utility

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2756.11.1825618698\2138664674" -parentBuildID 20240416150000 -sandboxingKind 0 -prefsHandle 7872 -prefMapHandle 7876 -prefsLen 27764 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {8c9b373e-707b-4edf-aea4-82cee3805e0b} 2756 utility

C:\Users\Admin\AppData\Local\Temp\_MEI20082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI20082\geckodriver.exe --port 49466 --websocket-port 49467

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevOCDg1

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevOCDg1

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="3304.0.761518605\1983680746" -parentBuildID 20240416150000 -prefsHandle 1208 -prefMapHandle 1200 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {1cfda44c-f933-4fad-bff8-96233bc95aa0} 3304 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="3304.1.454242233\182219558" -childID 1 -isForBrowser -prefsHandle 2064 -prefMapHandle 2072 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {f1860267-7fdb-426a-9e61-3c023c355dba} 3304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="3304.2.333426587\373231912" -childID 2 -isForBrowser -prefsHandle 2256 -prefMapHandle 2252 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {85334b97-7e37-45d3-8109-4081d4cdd52d} 3304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="3304.3.2119510114\1780408898" -childID 3 -isForBrowser -prefsHandle 2556 -prefMapHandle 2692 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {e9d6da1d-083c-48f9-90bd-1f3775337958} 3304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="3304.4.741662095\650578299" -childID 4 -isForBrowser -prefsHandle 1072 -prefMapHandle 1068 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {b12558f2-1a3e-4687-a529-401ab5161e86} 3304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="3304.5.351613368\144915793" -childID 5 -isForBrowser -prefsHandle 2940 -prefMapHandle 2944 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {5df09931-cb32-416f-841f-b8197c507f0c} 3304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="3304.6.998566557\814960061" -childID 6 -isForBrowser -prefsHandle 3000 -prefMapHandle 3004 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {7c15bcf2-9540-480a-b486-854089e3da38} 3304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="3304.7.1889612142\140653949" -childID 7 -isForBrowser -prefsHandle 3276 -prefMapHandle 3280 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {58c20e25-7c8c-4878-99b1-e7960fffbb33} 3304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI20082\geckodriver.exe --port 49466 --websocket-port 49467

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenjEhas

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenjEhas

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2756.0.201038819\1983779002" -parentBuildID 20240416150000 -prefsHandle 1196 -prefMapHandle 1188 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {0d4a629a-6463-41b0-8022-e7d0d3ec2b24} 2756 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2756.1.1478596280\218831946" -childID 1 -isForBrowser -prefsHandle 2148 -prefMapHandle 2208 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 824 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {53a28b7f-7b1b-4481-b71b-1f48347cda05} 2756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2756.2.1000260947\1418829289" -childID 2 -isForBrowser -prefsHandle 2244 -prefMapHandle 2240 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 824 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {057b5066-f247-48f2-b5fa-9de58d5cc3fe} 2756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2756.3.475904433\726622250" -childID 3 -isForBrowser -prefsHandle 2496 -prefMapHandle 2248 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 824 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {cd9a3738-52b0-48ec-82a3-0dbda04809e2} 2756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2756.4.148361421\666262755" -childID 4 -isForBrowser -prefsHandle 1080 -prefMapHandle 1076 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 824 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {e3e706aa-6119-4eca-bb42-2ac45570d001} 2756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2756.5.1846318500\1939447345" -childID 5 -isForBrowser -prefsHandle 2896 -prefMapHandle 2900 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 824 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {f88ce240-0bd1-4f8e-8e40-38945580b106} 2756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2756.6.2095701647\1761524679" -childID 6 -isForBrowser -prefsHandle 3052 -prefMapHandle 3056 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 824 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {bf872a6c-9ced-4c43-abbf-04532f6f8ffe} 2756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2756.7.351767169\72600321" -childID 7 -isForBrowser -prefsHandle 3308 -prefMapHandle 1988 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 824 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {6239cef3-e5e3-45e5-8620-a9322b9639d9} 2756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2756.8.1440742088\737590817" -childID 8 -isForBrowser -prefsHandle 3116 -prefMapHandle 1076 -prefsLen 25580 -prefMapSize 245849 -jsInitHandle 824 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {52e6f3c4-e082-4d24-8ed8-ad34ccca2ebb} 2756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2756.9.990503401\1122065572" -parentBuildID 20240416150000 -prefsHandle 1076 -prefMapHandle 7616 -prefsLen 27764 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {25dfe4b3-95ef-4875-9bd2-34f1ab18b17a} 2756 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2756.10.673221720\451954908" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 7552 -prefMapHandle 7548 -prefsLen 27764 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20082\Tor Browser\Browser\browser" - {6c9bc30b-9ba2-4c93-bc6d-f45b60f0d929} 2756 utility

Network


Files

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-09 00:47

Reported

2024-05-09 01:00

Platform

win10-20240404-en

Max time kernel

307s

Max time network

328s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23122\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2312 wrote to memory of 3096 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 3096 wrote to memory of 1508 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 3096 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1508 wrote to memory of 1536 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3096 wrote to memory of 3804 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI23122\geckodriver.exe
PID 3804 wrote to memory of 4344 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23122\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe
PID 4344 wrote to memory of 3360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe
PID 3360 wrote to memory of 3704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI23122\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23122\geckodriver.exe --port 50065 --websocket-port 50066

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50066 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledves7y

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50066 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledves7y

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" -contentproc --channel="3360.0.2049577040\539409003" -parentBuildID 20240416150000 -prefsHandle 1472 -prefMapHandle 1448 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\browser" - {4cde07c4-b2aa-4df3-a29f-8d3e98f84940} 3360 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" -contentproc --channel="3360.1.665839281\1833868255" -childID 1 -isForBrowser -prefsHandle 1232 -prefMapHandle 3076 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1164 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\browser" - {20f6b130-8abe-406c-ad8a-e367bd5160fa} 3360 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" -contentproc --channel="3360.2.1204057208\416287583" -childID 2 -isForBrowser -prefsHandle 2388 -prefMapHandle 2524 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1164 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\browser" - {d8de9ef3-21c5-42d4-af29-564ad102704f} 3360 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" -contentproc --channel="3360.3.1612064241\1568977589" -childID 3 -isForBrowser -prefsHandle 3124 -prefMapHandle 3328 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1164 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\browser" - {a22afdc2-9796-41b0-af1f-387a077d08bf} 3360 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" -contentproc --channel="3360.4.1534750994\1900518916" -childID 4 -isForBrowser -prefsHandle 3508 -prefMapHandle 3516 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1164 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\browser" - {9e93d8c2-4885-4aa9-ab3b-fef6bed8a021} 3360 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" -contentproc --channel="3360.5.1709971874\457792784" -childID 5 -isForBrowser -prefsHandle 3124 -prefMapHandle 3024 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1164 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\browser" - {137169e6-ac61-4694-8261-f1718a2cdcea} 3360 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" -contentproc --channel="3360.6.852458753\1769400364" -childID 6 -isForBrowser -prefsHandle 3440 -prefMapHandle 3364 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1164 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\browser" - {c4d77099-8859-4b97-907b-63206a9469f9} 3360 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" -contentproc --channel="3360.7.2002805636\912493040" -childID 7 -isForBrowser -prefsHandle 4228 -prefMapHandle 3124 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1164 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\browser" - {31b04966-4e93-4ce4-bf14-62dd473b12c8} 3360 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" -contentproc --channel="3360.8.1610891273\1657298540" -childID 8 -isForBrowser -prefsHandle 4740 -prefMapHandle 4744 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1164 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\browser" - {8f952fea-9fff-42e0-be41-5fa102426c9c} 3360 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23122\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23122\geckodriver.exe --port 50065 --websocket-port 50066

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50066 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileavMYjP

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50066 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileavMYjP

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" -contentproc --channel="3756.0.1500185965\723545976" -parentBuildID 20240416150000 -prefsHandle 1472 -prefMapHandle 1416 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\browser" - {ee042e7c-bea9-492a-90b9-9ba9b3d3a448} 3756 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" -contentproc --channel="3756.1.1348584480\1794623063" -childID 1 -isForBrowser -prefsHandle 2304 -prefMapHandle 2560 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\browser" - {3348e9a2-ba11-4338-b6f0-0c4fae07c715} 3756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" -contentproc --channel="3756.2.340909526\371515447" -childID 2 -isForBrowser -prefsHandle 2972 -prefMapHandle 2968 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\browser" - {6cce4a6c-c86e-487f-ad9e-f4ea061c77a2} 3756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" -contentproc --channel="3756.3.1360012441\1998719629" -childID 3 -isForBrowser -prefsHandle 3368 -prefMapHandle 3164 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\browser" - {8e3cb28a-e789-418c-9a33-3c632e0ffa1e} 3756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" -contentproc --channel="3756.4.168687658\1691455590" -childID 4 -isForBrowser -prefsHandle 3236 -prefMapHandle 3232 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\browser" - {3ccf5a86-d0b4-414b-9090-3b93f2e00fe2} 3756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" -contentproc --channel="3756.5.1368416862\1764082893" -childID 5 -isForBrowser -prefsHandle 3792 -prefMapHandle 3788 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\browser" - {edf3c2df-939c-4398-b266-5f2773991763} 3756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" -contentproc --channel="3756.6.1391549021\124790892" -childID 6 -isForBrowser -prefsHandle 3804 -prefMapHandle 3800 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\browser" - {2ca3c3aa-653f-4175-a875-33eb67ad946d} 3756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" -contentproc --channel="3756.7.1618209751\1399781732" -childID 7 -isForBrowser -prefsHandle 4432 -prefMapHandle 4244 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\browser" - {d6987486-af57-490d-924b-f6be6496c49a} 3756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23122\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23122\geckodriver.exe --port 50065 --websocket-port 50066

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50066 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHgWDzx

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50066 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHgWDzx

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4052.0.542559659\1929770123" -parentBuildID 20240416150000 -prefsHandle 1488 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\browser" - {653ea5d5-857d-4af5-aa74-a009978db0b2} 4052 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4052.1.880972361\1911575789" -childID 1 -isForBrowser -prefsHandle 2808 -prefMapHandle 2804 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1172 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\browser" - {ad08cd76-61d6-445d-9b18-618a2b0dfb45} 4052 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4052.2.503972759\1208158492" -childID 2 -isForBrowser -prefsHandle 2644 -prefMapHandle 2088 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1172 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\browser" - {651001eb-e7f7-4e4b-8248-0f6dc319c46a} 4052 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4052.3.1284526269\1108042308" -childID 3 -isForBrowser -prefsHandle 2600 -prefMapHandle 2608 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1172 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\browser" - {e5f8c1e8-c77f-4e8a-be6f-1e0d78a71746} 4052 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4052.4.1422777316\1627251451" -childID 4 -isForBrowser -prefsHandle 3564 -prefMapHandle 3560 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1172 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\browser" - {1ae4f39b-57ae-43e2-aca0-c58fb12f0cd8} 4052 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4052.5.2024779248\1657403973" -childID 5 -isForBrowser -prefsHandle 3576 -prefMapHandle 3572 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1172 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\browser" - {a2c91a9e-59d7-4170-8688-a5f55faa584f} 4052 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4052.6.446196290\1353084032" -childID 6 -isForBrowser -prefsHandle 3812 -prefMapHandle 3816 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1172 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\browser" - {d8419d1a-d1af-43f5-b288-5a600dce0497} 4052 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4052.7.1856583529\596423508" -childID 7 -isForBrowser -prefsHandle 3576 -prefMapHandle 4184 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1172 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\browser" - {30ab03d9-92dd-4a92-94bf-a52d5c5df7c0} 4052 tab

Network

Files

C:\Users\Admin\AppData\Local\Temp\_MEI23122\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI23122\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI23122\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI23122\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23122\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI23122\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23122\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23122\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI23122\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI23122\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23122\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23122\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23122\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23122\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23122\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23122\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI23122\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23122\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI23122\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI23122\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI23122\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23122\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23122\Tor Browser\Browser\firefox.exe

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

memory/3360-546-0x000001C4A7FE0000-0x000001C4A7FF0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledves7y\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledves7y\extensions.json

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

memory/3360-580-0x000001C49D990000-0x000001C49DB00000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledves7y\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledves7y\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileavMYjP\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileavMYjP\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileavMYjP\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileavMYjP\extension-preferences.json

memory/3756-865-0x000002082AEE0000-0x000002082AEF0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileavMYjP\startupCache\webext.sc.lz4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileavMYjP\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileavMYjP\broadcast-listeners.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileavMYjP\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileavMYjP\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileavMYjP\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileavMYjP\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileavMYjP\xulstore.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHgWDzx\user.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHgWDzx\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHgWDzx\startupCache\scriptCache-child-new.bin
