Malware Analysis Report

2025-06-15 20:35

Sample ID 240509-a5mh4agh8y
Target medium.exe
SHA256 335d7d67678ff4475ee0622beef67a923e4962a034ce7ca97d6b08d9c119a3eb
Tags evasion trojan pyinstaller
Score 7/10

Analysis Overview

Score 7/10

SHA256 335d7d67678ff4475ee0622beef67a923e4962a034ce7ca97d6b08d9c119a3eb

Threat Level: Shows suspicious behavior

The file medium.exe was found to show suspicious behavior.

Malicious Activity Summary

evasion trojan pyinstaller

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Checks whether UAC is enabled

Unsigned PE

Enumerates physical storage devices

Detects Pyinstaller

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-09 00:49

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 00:47

Reported

2024-05-09 00:59

Platform

win10-20240404-en

Max time kernel

294s

Max time network

313s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39082\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3908 wrote to memory of 4672 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 4672 wrote to memory of 4316 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 4672 wrote to memory of 624 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 4316 wrote to memory of 2244 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4672 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI39082\geckodriver.exe
PID 1676 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39082\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
PID 2464 wrote to memory of 4420 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe
PID 4420 wrote to memory of 4660 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI39082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39082\geckodriver.exe --port 50031 --websocket-port 50032

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50032 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezJ5Iqs

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50032 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezJ5Iqs

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4420.0.1595657673\1581619920" -parentBuildID 20240416150000 -prefsHandle 1480 -prefMapHandle 1472 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {c4df6b52-7280-4ef5-953f-9b0b60564a65} 4420 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4420.1.1970975042\838514657" -childID 1 -isForBrowser -prefsHandle 2284 -prefMapHandle 2300 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {4c7a2568-729f-4289-a545-473b73fd17cd} 4420 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4420.2.2074687790\1804031033" -childID 2 -isForBrowser -prefsHandle 2968 -prefMapHandle 2964 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {4a93589e-f37f-47a9-8ddb-cabaa6e09784} 4420 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4420.3.100672917\1131284978" -childID 3 -isForBrowser -prefsHandle 3200 -prefMapHandle 3212 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {9a623049-6afb-4f60-9508-84dfcf381561} 4420 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4420.4.1326603831\2028456383" -childID 4 -isForBrowser -prefsHandle 3240 -prefMapHandle 1360 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {4c44fc5b-482a-420c-a2bd-ca7bf4347d04} 4420 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4420.5.1651824187\1271388784" -childID 5 -isForBrowser -prefsHandle 3800 -prefMapHandle 3804 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {309a9ce8-1734-4d51-b504-b86777a1956b} 4420 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4420.6.1901540712\1969050833" -childID 6 -isForBrowser -prefsHandle 4048 -prefMapHandle 4044 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {b4c43833-af9a-4c64-9f13-f28a0870d1c0} 4420 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4420.7.929732500\798663589" -childID 7 -isForBrowser -prefsHandle 4336 -prefMapHandle 2992 -prefsLen 25412 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {ee13eb8e-8330-4983-881d-4051e39da39e} 4420 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39082\geckodriver.exe --port 50031 --websocket-port 50032

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50032 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGOTkco

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50032 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGOTkco

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.0.1761924575\559381538" -parentBuildID 20240416150000 -prefsHandle 1464 -prefMapHandle 1384 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {6b0fd846-d5b7-47e0-ab97-b5dce7e44ef8} 4604 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.1.1933408269\1657245765" -childID 1 -isForBrowser -prefsHandle 2548 -prefMapHandle 2120 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {0e5f1f81-42c4-4cf4-a658-5d8119cfc4f1} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.2.1294183132\119371080" -childID 2 -isForBrowser -prefsHandle 2952 -prefMapHandle 2948 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {5294d11a-7f9f-4a2a-a354-babf75a3733e} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.3.1073688790\511847703" -childID 3 -isForBrowser -prefsHandle 3544 -prefMapHandle 2964 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {536940a1-734e-4dd9-be80-3bd8ebb930f5} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.4.1391498712\2099871471" -childID 4 -isForBrowser -prefsHandle 3752 -prefMapHandle 3748 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {c6ff206a-0e5f-4635-beb4-f61aeb6e36fd} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.5.1878019440\2002755647" -childID 5 -isForBrowser -prefsHandle 3780 -prefMapHandle 3784 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {a259eb82-6536-4859-a1f7-985bc922caa4} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.6.906855643\327984882" -childID 6 -isForBrowser -prefsHandle 3984 -prefMapHandle 3988 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {e689668d-aa6e-452f-be4e-8867f3162ea8} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39082\geckodriver.exe --port 50031 --websocket-port 50032

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50032 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8bAzJQ

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50032 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8bAzJQ

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4408.0.787542504\2117112804" -parentBuildID 20240416150000 -prefsHandle 1472 -prefMapHandle 1456 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {4343f974-6726-482c-8137-679384250b5b} 4408 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4408.1.2135893892\1784234809" -childID 1 -isForBrowser -prefsHandle 2476 -prefMapHandle 2388 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {92c8546a-8e0d-430b-a445-20e6deff90f3} 4408 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4408.2.1368338855\1786488142" -childID 2 -isForBrowser -prefsHandle 2960 -prefMapHandle 2956 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {62f636c9-76c0-4c6f-8a50-1fb99a078fdc} 4408 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4408.3.1731612133\754290052" -childID 3 -isForBrowser -prefsHandle 3000 -prefMapHandle 3004 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {dc754aef-312f-4d1b-b17a-d648dcfaa02f} 4408 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4408.4.1605365986\1959574833" -childID 4 -isForBrowser -prefsHandle 1356 -prefMapHandle 1348 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {9614316e-28fd-40f4-b4d5-6475d7ac3351} 4408 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4408.5.1106111881\21559840" -childID 5 -isForBrowser -prefsHandle 3788 -prefMapHandle 3792 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {64e10dda-423d-4a86-a05a-15d8d7b36e9a} 4408 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4408.6.1465756110\1003316717" -childID 6 -isForBrowser -prefsHandle 3964 -prefMapHandle 3968 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {154373bf-d19e-418f-9493-012f0e5a4711} 4408 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4408.7.379136237\943424819" -childID 7 -isForBrowser -prefsHandle 4468 -prefMapHandle 4456 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {b2610d88-61e0-4075-8709-ce0fb9d35c17} 4408 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4408.8.2027311699\241694263" -childID 8 -isForBrowser -prefsHandle 8472 -prefMapHandle 8476 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {d3352c5d-c2e9-41e2-b0ed-ae45ca4fc6b4} 4408 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4408.9.1910969622\488557380" -childID 9 -isForBrowser -prefsHandle 8348 -prefMapHandle 8344 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {fd4322a6-a1da-41d4-b0d1-b0a1e4ebbf32} 4408 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4408.10.70868800\1303082400" -parentBuildID 20240416150000 -prefsHandle 3316 -prefMapHandle 8096 -prefsLen 27451 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {957fb6b1-f46b-4e2d-b963-c38844ce261e} 4408 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4408.11.695787663\2016467494" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 8248 -prefMapHandle 8112 -prefsLen 27451 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {e0aed959-498b-4572-9836-f1b677f49a69} 4408 utility

C:\Users\Admin\AppData\Local\Temp\_MEI39082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39082\geckodriver.exe --port 50031 --websocket-port 50032

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50032 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezIIr6G

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50032 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezIIr6G

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="436.0.158924286\1143800926" -parentBuildID 20240416150000 -prefsHandle 1476 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {828cd57d-764a-42fa-bd46-cb875d6cb7dc} 436 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="436.1.1036918295\2086409700" -childID 1 -isForBrowser -prefsHandle 2520 -prefMapHandle 2536 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {8cbbb39e-40b8-472b-9c5c-4777aad3d9a4} 436 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="436.2.654818997\1227092361" -childID 2 -isForBrowser -prefsHandle 2976 -prefMapHandle 2972 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {1353ca01-614e-4576-8c4a-c8429c627d39} 436 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="436.3.2006814689\853731029" -childID 3 -isForBrowser -prefsHandle 3428 -prefMapHandle 3432 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {856d7447-a722-4418-bd08-ebbcad659bf7} 436 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="436.4.1492353684\552837468" -childID 4 -isForBrowser -prefsHandle 3260 -prefMapHandle 3592 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {69a7aed2-6fc5-4c54-a642-aa4633c2d24a} 436 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="436.5.651455128\1626652056" -childID 5 -isForBrowser -prefsHandle 3808 -prefMapHandle 3812 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {918ec8bd-1deb-4930-96ac-5bb03b4aba7d} 436 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe" -contentproc --channel="436.6.1829546109\1876877369" -childID 6 -isForBrowser -prefsHandle 3896 -prefMapHandle 3900 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\browser" - {0cc4f206-31a6-4c2f-9dce-09cf4c5f007e} 436 tab

Network

Files

C:\Users\Admin\AppData\Local\Temp\_MEI39082\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39082\base_library.zip

\Users\Admin\AppData\Local\Temp\_MEI39082\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39082\_queue.pyd

\Users\Admin\AppData\Local\Temp\_MEI39082\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39082\geckodriver.exe

\Users\Admin\AppData\Local\Temp\_MEI39082\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmpm0lwzh6b\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

\Users\Admin\AppData\Local\Temp\_MEI39082\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\tmpm0lwzh6b\webdriver-py-profilecopy\places.sqlite

C:\Users\Admin\AppData\Local\Temp\tmpm0lwzh6b\webdriver-py-profilecopy\favicons.sqlite

\Users\Admin\AppData\Local\Temp\_MEI39082\select.pyd

\Users\Admin\AppData\Local\Temp\_MEI39082\_socket.pyd

\Users\Admin\AppData\Local\Temp\_MEI39082\libcrypto-1_1.dll

\Users\Admin\AppData\Local\Temp\_MEI39082\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39082\Tor Browser\Browser\firefox.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39082\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI39082\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39082\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39082\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39082\mozavutil.dll

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Local\Temp\_MEI39082\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39082\_lzma.pyd

\Users\Admin\AppData\Local\Temp\_MEI39082\_bz2.pyd

\Users\Admin\AppData\Local\Temp\_MEI39082\_ctypes.pyd

\Users\Admin\AppData\Local\Temp\_MEI39082\VCRUNTIME140.dll

\Users\Admin\AppData\Local\Temp\_MEI39082\python38.dll

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezJ5Iqs\extensions.json

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezJ5Iqs\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGOTkco\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGOTkco\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGOTkco\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGOTkco\startupCache\webext.sc.lz4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGOTkco\xulstore.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8bAzJQ\user.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8bAzJQ\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8bAzJQ\startupCache\scriptCache-child-new.bin

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8bAzJQ\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8bAzJQ\broadcast-listeners.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8bAzJQ\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezIIr6G\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezIIr6G\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezIIr6G\prefs.js

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-09 00:47

Reported

2024-05-09 00:59

Platform

win7-20240221-en

Max time kernel

290s

Max time network

307s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23202\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23202\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2320 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 1180 wrote to memory of 724 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1180 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 724 wrote to memory of 1144 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1180 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI23202\geckodriver.exe
PID 2828 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23202\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe
PID 3032 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe
PID 2832 wrote to memory of 1856 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI23202\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23202\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUqGw7V

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUqGw7V

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2832.0.876650180\1736432557" -parentBuildID 20240416150000 -prefsHandle 1240 -prefMapHandle 1212 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {1fd0899f-1731-47f4-b722-246f2b6a976c} 2832 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2832.1.1403696754\766619675" -childID 1 -isForBrowser -prefsHandle 2144 -prefMapHandle 1848 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {6bd55f2c-050e-4408-bab5-7486b6fd4b05} 2832 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2832.2.955549751\58059209" -childID 2 -isForBrowser -prefsHandle 2432 -prefMapHandle 2436 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {2a3b2eb4-d8a0-4f2e-a872-1ec2a7b63aa4} 2832 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2832.3.1236634389\241981072" -childID 3 -isForBrowser -prefsHandle 2624 -prefMapHandle 2628 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {39698b1f-7021-4789-82ba-1811fc08209d} 2832 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2832.4.1773549189\318622364" -childID 4 -isForBrowser -prefsHandle 2760 -prefMapHandle 2740 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {70e2c484-4c68-4fc1-8812-6babd14ded0b} 2832 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2832.5.1750631815\1390132751" -childID 5 -isForBrowser -prefsHandle 2928 -prefMapHandle 2932 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {7e43b7a2-9ed6-401a-a6b0-f45fb3e644dd} 2832 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2832.6.2071788780\305883405" -childID 6 -isForBrowser -prefsHandle 3084 -prefMapHandle 3088 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {3b6fa4fc-114c-4915-975c-e107f89e6bf1} 2832 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2832.7.1219592774\365436563" -childID 7 -isForBrowser -prefsHandle 3284 -prefMapHandle 2932 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {be97a13c-597c-4ab3-94da-d26bf76b94ca} 2832 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2832.8.783827990\1360612202" -parentBuildID 20240416150000 -prefsHandle 3672 -prefMapHandle 3692 -prefsLen 27558 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {ed7fc7d1-7b0a-48b7-919f-2ab0574f2a02} 2832 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2832.9.2117990605\1513303142" -childID 8 -isForBrowser -prefsHandle 3852 -prefMapHandle 3588 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {25a686ce-cb1d-4104-84b2-adbb5c44145a} 2832 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23202\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23202\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegJOKjh

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegJOKjh

C:\Users\Admin\AppData\Local\Temp\_MEI23202\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23202\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1z0D7b

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1z0D7b

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3108.0.1617692935\861834056" -parentBuildID 20240416150000 -prefsHandle 1200 -prefMapHandle 1192 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {e68d97f9-6db0-4bf5-81d7-16cd9e2593d9} 3108 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3108.1.1321784223\744008301" -childID 1 -isForBrowser -prefsHandle 1708 -prefMapHandle 2104 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {b8e3e906-de6d-4e45-9555-44b309bebb12} 3108 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3108.2.1814363179\1754532561" -childID 2 -isForBrowser -prefsHandle 2340 -prefMapHandle 2348 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {9fd47212-e5ec-401d-8c81-9beca97940ca} 3108 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3108.3.1958007551\2102887362" -childID 3 -isForBrowser -prefsHandle 2720 -prefMapHandle 2336 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {1b296654-bde3-4291-92ef-b31a9ac1da1c} 3108 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3108.4.1833407492\163634812" -childID 4 -isForBrowser -prefsHandle 2812 -prefMapHandle 1088 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {6c48b6f9-76a0-4e3f-aa95-d89e99b116c4} 3108 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3108.5.1237110439\1232016584" -childID 5 -isForBrowser -prefsHandle 2936 -prefMapHandle 2940 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {c2c6f1ad-d9cb-4578-9ee8-035e4ad395d7} 3108 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3108.6.1382467240\274744218" -childID 6 -isForBrowser -prefsHandle 3100 -prefMapHandle 3104 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\browser" - {94b7e37f-de89-485b-bd12-4fc95d7daa52} 3108 tab

Network

Country Destination Domain Proto
GB 57.128.174.82:3333 tcp
DE 176.9.38.121:9100 tcp
DE 91.143.83.100:443 tcp
N/A 127.0.0.1:49512 tcp
N/A 127.0.0.1:49552 tcp
N/A 127.0.0.1:49467 tcp
N/A 127.0.0.1:49664 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49699 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50395 tcp
N/A 127.0.0.1:50430 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI23202\python38.dll

\Users\Admin\AppData\Local\Temp\_MEI23202\python38.dll

\Users\Admin\AppData\Local\Temp\_MEI23202\VCRUNTIME140.dll

\Users\Admin\AppData\Local\Temp\_MEI23202\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23202\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI23202\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI23202\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI23202\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI23202\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23202\_ssl.pyd

\Users\Admin\AppData\Local\Temp\_MEI23202\libcrypto-1_1.dll

\Users\Admin\AppData\Local\Temp\_MEI23202\_hashlib.pyd

\Users\Admin\AppData\Local\Temp\_MEI23202\select.pyd

\Users\Admin\AppData\Local\Temp\_MEI23202\_socket.pyd

\Users\Admin\AppData\Local\Temp\_MEI23202\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

\Users\Admin\AppData\Local\Temp\_MEI23202\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmp2ksam8ct\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

\Users\Admin\AppData\Local\Temp\_MEI23202\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23202\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\tmp2ksam8ct\webdriver-py-profilecopy\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\tmp2ksam8ct\webdriver-py-profilecopy\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23202\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI23202\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23202\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI23202\mozglue.dll

\Users\Admin\AppData\Local\Temp\_MEI23202\_bz2.pyd

\Users\Admin\AppData\Local\Temp\_MEI23202\libffi-7.dll

\Users\Admin\AppData\Local\Temp\_MEI23202\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23202\base_library.zip

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

memory/2832-688-0x0000000009690000-0x00000000096A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUqGw7V\extensions.json

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUqGw7V\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUqGw7V\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1z0D7b\user.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1z0D7b\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1z0D7b\sessionCheckpoints.json

memory/3108-1330-0x00000000075A0000-0x00000000075B0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1z0D7b\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1z0D7b\startupCache\webext.sc.lz4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1z0D7b\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1z0D7b\broadcast-listeners.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1z0D7b\prefs-1.js

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-09 00:47

Reported

2024-05-09 00:59

Platform

win10v2004-20240426-en

Max time kernel

293s

Max time network

316s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16242\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1624 wrote to memory of 768 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 768 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 768 wrote to memory of 4520 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 2792 wrote to memory of 1752 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 768 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI16242\geckodriver.exe
PID 2472 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16242\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
PID 400 wrote to memory of 4208 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe
PID 4208 wrote to memory of 3848 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI16242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI16242\geckodriver.exe --port 63426 --websocket-port 63427

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 63427 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesH804S

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 63427 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesH804S

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4208.0.1022355978\1974691171" -parentBuildID 20240416150000 -prefsHandle 1648 -prefMapHandle 1640 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {e31ea64d-d4e6-485d-8e31-ba09b21dcd1e} 4208 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4208.1.176749556\796463055" -childID 1 -isForBrowser -prefsHandle 2736 -prefMapHandle 2732 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {d969a786-a51d-4d9d-9c7a-0b30a87b8b9f} 4208 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4208.2.896472392\1478810316" -childID 2 -isForBrowser -prefsHandle 3200 -prefMapHandle 3184 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {db62fad7-45bc-482c-9d28-a6c30770aa90} 4208 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4208.3.1850860694\1765701187" -childID 3 -isForBrowser -prefsHandle 3312 -prefMapHandle 3296 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {202fa04e-5cc1-4172-a986-81f969db97c6} 4208 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4208.4.1099717792\1401659809" -childID 4 -isForBrowser -prefsHandle 3776 -prefMapHandle 3772 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {b63127b3-b4cc-4d0d-87fe-ad905f29be11} 4208 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4208.5.661251937\475827569" -childID 5 -isForBrowser -prefsHandle 3920 -prefMapHandle 3924 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {f578b656-41fe-4093-b916-712353b4b004} 4208 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4208.6.705364615\11428022" -childID 6 -isForBrowser -prefsHandle 4064 -prefMapHandle 4068 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {cf345e4b-31c2-40d3-9621-6fb500fc8241} 4208 tab

C:\Windows\System32\sihclient.exe

C:\Windows\System32\sihclient.exe /cv zY5fA4N1SkGi7z5FPEeREQ.0.2

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4208.7.1066179093\1056109668" -childID 7 -isForBrowser -prefsHandle 4452 -prefMapHandle 3796 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {a205c7a9-33a9-4c36-a532-7afcee82f61b} 4208 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI16242\geckodriver.exe --port 63426 --websocket-port 63427

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 63427 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 63427 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="820.0.1526853930\1637177862" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {ee546933-0f93-4d90-a617-313f39c2e473} 820 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="820.1.373457113\113231738" -childID 1 -isForBrowser -prefsHandle 2644 -prefMapHandle 2640 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {d95f76db-8fcc-4fd0-904a-2ea9ae229fc4} 820 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="820.2.1021787022\1941531287" -childID 2 -isForBrowser -prefsHandle 3220 -prefMapHandle 3216 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {fee7829f-996e-409b-971a-e82a8835811e} 820 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="820.3.1437879802\775342460" -childID 3 -isForBrowser -prefsHandle 3636 -prefMapHandle 3640 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {077eeff8-55aa-40d0-bc7c-9228043cb80a} 820 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="820.4.825663629\1650000408" -childID 4 -isForBrowser -prefsHandle 3792 -prefMapHandle 3788 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {04054238-69ae-4b7a-b896-43b3cb8599b6} 820 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="820.5.711322509\2024960459" -childID 5 -isForBrowser -prefsHandle 3940 -prefMapHandle 3944 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {64787666-4a6c-4c4e-85c9-5c054a6c5b98} 820 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="820.6.2045790508\1527551925" -childID 6 -isForBrowser -prefsHandle 4136 -prefMapHandle 4140 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {15acfe2a-ea48-4b48-88d5-8eb17ad7549a} 820 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="820.7.890614114\1671855028" -childID 7 -isForBrowser -prefsHandle 4380 -prefMapHandle 4588 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {a773b112-53f1-4ec7-930c-6f68d0116a1c} 820 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="820.8.1706413509\1471491928" -childID 8 -isForBrowser -prefsHandle 4872 -prefMapHandle 4868 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {f7f5f7c7-3d6e-4742-9949-f9220279af7c} 820 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI16242\geckodriver.exe --port 63426 --websocket-port 63427

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 63427 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecRjTL7

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 63427 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecRjTL7

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3016.0.1500884867\695054457" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {afd044b8-0ab6-45e7-bbe3-daa249b37bda} 3016 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3016.1.1233193585\418031198" -childID 1 -isForBrowser -prefsHandle 2636 -prefMapHandle 2632 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {33920767-431f-41c4-ae23-25aaae68ab63} 3016 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3016.2.2062975279\488134226" -childID 2 -isForBrowser -prefsHandle 3204 -prefMapHandle 3200 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {2cf689d3-435b-496e-8203-b078506fc977} 3016 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3016.3.664787732\57800110" -childID 3 -isForBrowser -prefsHandle 3328 -prefMapHandle 3316 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {5e3e7bde-cb29-4f53-8276-22825e39d0db} 3016 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3016.4.1498208230\713168474" -childID 4 -isForBrowser -prefsHandle 3904 -prefMapHandle 3900 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {31921933-3224-4da9-94bc-2e04ed1e7257} 3016 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3016.5.371516086\1486043154" -childID 5 -isForBrowser -prefsHandle 4048 -prefMapHandle 4044 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {0795ccdb-2004-4ddc-b405-986696be88b5} 3016 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3016.6.1973686452\697860662" -childID 6 -isForBrowser -prefsHandle 4156 -prefMapHandle 4160 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\browser" - {06e26fd2-92af-4e4e-bef4-c257132abd81} 3016 tab

Network


Files

C:\Users\Admin\AppData\Local\Temp\_MEI16242\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI16242\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI16242\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16242\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI16242\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16242\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16242\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16242\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16242\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16242\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16242\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI16242\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16242\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI16242\geckodriver.exe

MD5 0c5db0eb17c8d3d150f83fe1f6f1cdac
SHA1 c4ec34bd1ddfa10b7f9573bd8b78e2156df072a9
SHA256 12fc60109b5babb7220ae9b1ba044c03362c14571ddbc0cdbf862b9cf099b716
SHA512 5a7312adc507ac1c59ae543d06a943f01214b7e417e9f992beea3a3b782480c8806e42afa96e8eb66ce394a2b6b47052260ed0b509d08e7db0a64f493e85aee7

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmph718wugy\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI16242\libcrypto-1_1.dll

MD5 78f7f01391d3b2e4449b299512a2506d
SHA1 a282b3b8b05d886a3a936550c4ef81c519f875ba
SHA256 657dcbfe240b176f6306055c4631ed9c1567b08fdbef44bf739ac2d3a3afa392
SHA512 12ed0f3a92248fa3621eaa7d9c103c11fe1efb13465a6fbb5579e6774ecdd8dff9852e16c5463fb7e5d2d439307291481620a104e772738e23a44281b49e1ddb

C:\Users\Admin\AppData\Local\Temp\tmph718wugy\webdriver-py-profilecopy\favicons.sqlite

MD5 5e9c3d3afb472da8bed188ee743229c2
SHA1 68fc3bfdd38f953dedda2a4b526bac2d4cdf0484
SHA256 f115429bb943c3a6022ae1430437355f20bb4cd87611d2fe5c084e361e35d007
SHA512 f1f6821835ef5d3fb2562e3c2bb91225a7672626de5b4007e1b3483f5e2aaf76bd966b4cf1dfe9e022630026d1194afb4bc8947dbbe14d01a07f5b3e3c97dd61

C:\Users\Admin\AppData\Local\Temp\tmph718wugy\webdriver-py-profilecopy\places.sqlite

MD5 b5c12d055da1a860c64e12fa500bf3df
SHA1 a609d35d60c8fb3b95e1c6d8d632ab4abcb56577
SHA256 0d2bcf89b48e95fe3b4a9b58e6cd24c1731559bd15f43cb3adb7421f67f00ee6
SHA512 0c0c75e4048c51af99ca26f7eae072ca4d432b09802cab168c467ce1801603594046e1a873502546d76e7b573a182b47a145ef885a3b12c86cebce751a84a303

C:\Users\Admin\AppData\Local\Temp\_MEI16242\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI16242\nss3.dll

MD5 aaaa596833fa9b0658528255a7d456b0
SHA1 083738ca5b627fbc777c8015b4b5c5b297139926
SHA256 db0c12517358daeaf02663ec235b02e265736f4f1c875469e065d869c05bebfc
SHA512 e1b9fbfc9d9a3bebac38777dd29c28d3725ae918bff02ca44d62c8a190fc235c59e66115bf6fc41ce888cf4145e0445c398b0fc159bdd2b78484357ca8cfa2ed

C:\Users\Admin\AppData\Local\Temp\_MEI16242\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI16242\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI16242\libcrypto-1_1.dll

MD5 22f805d81bb63c361749aa058a2c2f3c
SHA1 721c3f519b4c8235d13805cf78433955b5762a94
SHA256 43740842e5fb5053106300fd1abc1eec7f8dc967331169ca7f866ebfda0f7cb3
SHA512 731727624516f2cd9d61ed7df0af1cd99b93a5047ad83e39a8aee7e9804f88482f1d486d0adb5b75c2cf05612dd566ddb7b8a4a4b49bd395cb298c7ed17de61e

C:\Users\Admin\AppData\Local\Temp\_MEI16242\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI16242\geckodriver.exe

MD5 ecd8efd4cab1e6f7d84483c09c9ce6b7
SHA1 aafe438def0edbe9176f462d1e4e8c4a1883540c
SHA256 5032f5bb47f24f8e677397e347fdb4a501b0eda42f5d5aa2f5186edadf9838ec
SHA512 eb40225be2070f88465d35b56d5fd2f94ef4a9ead2306ce5c81bb2fa31b1c252e7b8f57befad32130023c5893fd1cb499c387daeb9b760ce2d008691c5359ea9

C:\Users\Admin\AppData\Local\Temp\_MEI16242\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI16242\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI16242\python38.dll

MD5 a2d1ef944a3b2ece9251bdd4528d71be
SHA1 5d422a39b769cddf186e36eba348a5382bb81ab2
SHA256 59e24582777846f7b5eb952b08a2346801ae20674f0d18a65c0d415095b8e543
SHA512 abcfad3bb39d143bd56d350d83a4c9ded669504ab89e5d860862e04801e419cc96d8169d1df320a69a97f13ea6f919a34c68098c3d563cb9eccc6f7c9a978828

C:\Users\Admin\AppData\Local\Temp\_MEI16242\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 583bbac938048639702bcc90dceb8a07
SHA1 31c535418288476ea97281f4dbda387c13330d8f
SHA256 58a85ff18fe4caa723af4e9c7db9db7c9a9406c2b3ec2d3199258ad3d64e28b3
SHA512 ba0bf1ee9b55e173e131e65317c12bb4663b48157ee5c8962916a5b00409a689e6e58518858c7f4f8b195af9d68eca339779ff901b28af674ebd4940ce82da29

memory/4476-491-0x00007FFBE0520000-0x00007FFBE0521000-memory.dmp

memory/4476-490-0x00007FFBDFA00000-0x00007FFBDFA01000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesH804S\extensions.json

MD5 7e675ad44f754084251f411fa0cdb416
SHA1 1a4b30ad14cebbc6027c0cd94d22ef080460b853
SHA256 e142c6b4984abdd2f45471389c33d4c9bd3e55a7ccc23be4a22a6e20a0e71687
SHA512 c463e8fc9a185b8a7ba554a4a9850eb88016ead5b0caeb7b0165f935f72a1248f4e69a508530875d16e5635cc50b155a761cc0510cf7f968144c27e891efd621

memory/4208-550-0x000001512C4D0000-0x000001512C4E0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesH804S\prefs-1.js

MD5 642afd46ab8fb450f3cf91b20bbc5f25
SHA1 1764b83678e17e750736a7aa9fef65c7264e0b01
SHA256 dd3df24bcdcee84a23047bd12c02542d4eac5f5c24194b1a24446c14a62141f9
SHA512 d4eb024f075840e7dde7444c3989f551fbc4c10e70c0804c6ca580b5bf1a5eff8d220bfff2072338798e90bb8dc78bd14ee0c7c00e4a42e7c5b64add163d3193

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 7bc71e3370a9d783c78b89d1213c301d
SHA1 1563fd187c47e6e8c31763c3717a7bd06fb06f15
SHA256 5f06942b44d8f39f159fb3d246382c21355caed0068164161071326b3d96fbc9
SHA512 7ad96297f0df9e981e0ee64b0b89f47fd8e552f7c359e0a25c6632c7ec1fa07b92ac376dbacc0e088e0b56b8d6f3b63d32eaed5559afc75d3534d2c42dded393

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesH804S\prefs-1.js

MD5 c5a6c3bafc770b08f8ef6cf141a89715
SHA1 91fcd16c7e85895e49299cd556aa3b9087bd6180
SHA256 e0fe897ea7723e767e5414f91013b6da1aabb4077c9d3ab907341c07e4551146
SHA512 d2a0c640176e9b960145e2a313f2e50eceeb2abf02df2b98008833eb8a2fed111c31317903c0da7f800bb886a4db50798c88f49c50574e67a20f71f1294a3f35

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesH804S\prefs.js

MD5 53b1f88fb5e967515e0581f1249c2865
SHA1 5442baf5698442a89d073b280616fc6bfe7491a3
SHA256 30a3edf0931791c0ecebecb0effd59e526a5c07edfd75b1a0532b4b70301cf11
SHA512 b471989fa75728e332f8f3e4ba468250402cfa58ea021b0491b6b368cc760a5e724b1e479c899fc1713891631b9401d1d60b5dfdaa3182a3587a36f6fe5309e9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\prefs-1.js

MD5 da6817480347bdc64a8817e62bc85410
SHA1 29269ffedf55594c66d374774caea884dbf15e7f
SHA256 86451ad784be8cc90782110e278d45c257608fce8883aceedbab291fb29bf887
SHA512 19b022b0648dbeb9e1df80fa3b2a4cfb82c301a8874734a144d1ae42f28f35bbef78156324c6f3d7f70574f8eb35be021eea9d54ee91ab1785040210a62e2dbf

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/820-888-0x0000015767DA0000-0x0000015767DB0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\startupCache\webext.sc.lz4

MD5 f4def8c4ddbf4cdb2e1a359781b6bd34
SHA1 f61a351e49a9ea5bf09670d50aa8d9a9994bb4c1
SHA256 ebd8c3d21aa3a994ba4d049bfb99f1ec85ec29f070c3ac4bb02308ea218918fb
SHA512 4434af842f1e568c2231b8597bfd26d0e3d8812353fa0f50923f2bd7c1950679b7f06e56e6f0a4d00bc2f250614646b8065801ac33ac5e640fd8454ce2fc576f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\prefs.js

MD5 b31da544842f4e8927872102f42fad10
SHA1 49e170a70d10f4588788d815eda99cd93baad67d
SHA256 480186e45c25181398e81aee37cc88a5052d932d486c8286bdcf8a9e61533862
SHA512 4be15f00bcbc51dec232353c83f0260b3776b8c4912591fc0c12e47bdaa9a6c2a463764842d97ac62786c1d00cac238ea93c5f2485cee84498805c979ad55c3d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\prefs-1.js

MD5 740f29a47ca93f12b69534fc82f6d919
SHA1 a21a66122e3b0851b5b26f862c2512b8c7f07505
SHA256 bc109bf8986392da8f78ef3bb5a37b7d68f6b31870e156e65c9534367af66464
SHA512 86b90987d6bdf6826b624fb825c8c2dd45fc9dd33f38e930d9fd30deb5bca49d7169891f9873e760a7681406abeb1f982f7ebca560e1d99c5799d35aad4b7f4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\sessionCheckpoints.json

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKmgfLE\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecRjTL7\user.js

MD5 b11e999fe94ad0b61093c69a3ffc90bf
SHA1 00f5229d010751b1984ceb281ecc293a88668529
SHA256 32447a4751274c1e104bda4635518653e324996e829056897da775d6d4ed1a66
SHA512 e1161a561313b53487fdbd974e9c5769ea29684814a065476c19725b1e33a5057173d328a32449f83f73e1c5e93bf8963ffb790778e64cbef4dfd95a373a62f3

memory/3016-1202-0x0000018686BE0000-0x0000018686BF0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecRjTL7\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecRjTL7\prefs-1.js

MD5 1c9998a1b81ace226f7b8157d54a219b
SHA1 998bae034773aa746825c2de3b68a9af939a8d77
SHA256 d45fe3cbe5b41248d5369884c087cd2bb038212024070e174b9205bfdd3c7269
SHA512 9f622ad4f4a80f6f8c58acb0aad03b6a330c421aa3177ef3fb5b90217341018ced96a1cf3680bcf30714e4fee6f5276fc6f71afee45f12baf61d773449a65d81

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecRjTL7\prefs-1.js

MD5 2d48159cd2299d7bb6e229907f8d681e
SHA1 e2128e49b2f51033a6dbe9c3d64658a6e583620c
SHA256 0182da27b1582a3aabc4989e2f0dc51973d0b04d3ca6a8cf782930bdb536a97f
SHA512 47efbb465ded5ede33c9f144d20fd7a39f772e0d6a740623027bc942710f13966700b24ce997abb0fc30fab92156d4ac78daa2eb7895a6eac83cdcd9c34f58e4

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-09 00:47

Reported

2024-05-09 00:59

Platform

win11-20240419-en

Max time kernel

295s

Max time network

313s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14162\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1416 wrote to memory of 1088 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 1088 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1088 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 5000 wrote to memory of 4232 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1088 wrote to memory of 948 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI14162\geckodriver.exe
PID 948 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14162\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
PID 1596 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe
PID 1912 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14162\geckodriver.exe --port 50015 --websocket-port 50016

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50016 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaD1k2m

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50016 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaD1k2m

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1912.0.1479794355\1161629903" -parentBuildID 20240416150000 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {2bf6c929-fa35-4f38-b995-749878d79c5e} 1912 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1912.1.1810714960\2088133485" -childID 1 -isForBrowser -prefsHandle 2380 -prefMapHandle 2988 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {d49d2ad7-0444-4dba-a9a3-141869dd8a16} 1912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1912.2.1268367581\831781816" -childID 2 -isForBrowser -prefsHandle 3008 -prefMapHandle 2420 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {a46240d7-d26d-49a8-8685-82af021e8d39} 1912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1912.3.602137427\1697280765" -childID 3 -isForBrowser -prefsHandle 3624 -prefMapHandle 3620 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {101cea28-bb4a-4409-b1d5-cf2d6371b076} 1912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1912.4.1912710321\1046151127" -childID 4 -isForBrowser -prefsHandle 3504 -prefMapHandle 3352 -prefsLen 25287 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {6ff1a2cb-f71b-4092-83b0-870a9512f54a} 1912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1912.5.1247494910\1562326494" -childID 5 -isForBrowser -prefsHandle 4068 -prefMapHandle 4064 -prefsLen 25287 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {464ca9a3-35c5-44a9-a686-0274893ec745} 1912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1912.6.1516311579\1909979326" -childID 6 -isForBrowser -prefsHandle 4184 -prefMapHandle 4188 -prefsLen 25287 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {b21bc33d-6ecc-4f48-9c9d-d469de21fd0d} 1912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14162\geckodriver.exe --port 50015 --websocket-port 50016

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50016 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50016 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3944.0.1605248451\833540672" -parentBuildID 20240416150000 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {defe0d61-c118-4fb8-ab77-5c8437c666d4} 3944 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3944.1.1106854186\1051685819" -childID 1 -isForBrowser -prefsHandle 2508 -prefMapHandle 2552 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {a9df11d4-ab3f-4410-b9e4-c22de95a5e24} 3944 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3944.2.2707645\503005679" -childID 2 -isForBrowser -prefsHandle 2896 -prefMapHandle 3044 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {d7491e21-6a27-43c3-bd50-33c14ba9926e} 3944 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3944.3.944977645\500301160" -childID 3 -isForBrowser -prefsHandle 3252 -prefMapHandle 3248 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {9d798052-6b74-4d86-b818-71a79c10e65a} 3944 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3944.4.779821379\1218212383" -childID 4 -isForBrowser -prefsHandle 3792 -prefMapHandle 3788 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {6a0fab2d-a71d-42bc-ba02-17eca46dc7bb} 3944 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3944.5.1597656861\1167866570" -childID 5 -isForBrowser -prefsHandle 3944 -prefMapHandle 3948 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {58ddd2ea-e16c-49bc-b286-a0f315511c55} 3944 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3944.6.1456021148\2084999519" -childID 6 -isForBrowser -prefsHandle 4132 -prefMapHandle 4136 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {30a007d1-fca4-448e-98a6-cbd53a0f457a} 3944 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14162\geckodriver.exe --port 50015 --websocket-port 50016

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50016 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepmmIPb

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50016 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepmmIPb

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4060.0.1014592056\520605564" -parentBuildID 20240416150000 -prefsHandle 1732 -prefMapHandle 1712 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {1931e800-bc75-4762-876a-47cc8ce3fdd1} 4060 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4060.1.246583825\1627495608" -childID 1 -isForBrowser -prefsHandle 2572 -prefMapHandle 2800 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {0d81722f-6de0-4c53-b4dc-cb234f131563} 4060 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4060.2.963227825\1896079192" -childID 2 -isForBrowser -prefsHandle 3056 -prefMapHandle 3052 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {968fe2fd-568a-4f2f-ad71-ea78b5065168} 4060 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4060.3.1772535896\1847586063" -childID 3 -isForBrowser -prefsHandle 3956 -prefMapHandle 3060 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {a6db9610-9d09-4915-bf5a-c54f85999cbe} 4060 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4060.4.1396374835\1718476948" -childID 4 -isForBrowser -prefsHandle 3920 -prefMapHandle 3472 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {5cf22d1d-0a79-41d9-9cea-cf0e82b60a2e} 4060 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4060.5.1374357045\918607277" -childID 5 -isForBrowser -prefsHandle 3684 -prefMapHandle 4092 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {009c4096-4390-4427-8c12-fa081de6a3ad} 4060 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4060.6.411496574\470905382" -childID 6 -isForBrowser -prefsHandle 3032 -prefMapHandle 3324 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {eb6b989b-3359-4661-8f07-97a62ded2168} 4060 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4060.7.272591352\1509587012" -childID 7 -isForBrowser -prefsHandle 4564 -prefMapHandle 4568 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {8eae27ff-ada9-4bca-b338-fc43c4057d06} 4060 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14162\geckodriver.exe --port 50015 --websocket-port 50016

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50016 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLrB5C6

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50016 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLrB5C6

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1656.0.1716798140\135836494" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {8a57eabb-5616-484e-8943-05d8d5a43485} 1656 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1656.1.1778743375\1619580004" -childID 1 -isForBrowser -prefsHandle 2632 -prefMapHandle 2628 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {7a6476bd-3649-4825-b104-8a6592fa4f13} 1656 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1656.2.822891906\1937955103" -childID 2 -isForBrowser -prefsHandle 3084 -prefMapHandle 3064 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {dda0ae1c-adb6-4bdb-bf91-d8d9e1b84515} 1656 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1656.3.1577026438\1512757095" -childID 3 -isForBrowser -prefsHandle 3576 -prefMapHandle 3608 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {ead7c8fe-317a-41f2-8109-b7ade502ea60} 1656 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1656.4.1770614208\2019965300" -childID 4 -isForBrowser -prefsHandle 3160 -prefMapHandle 3172 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {85dbd75f-2b06-4a9a-a302-a5e737b61567} 1656 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1656.5.952811348\2019069072" -childID 5 -isForBrowser -prefsHandle 3912 -prefMapHandle 3916 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {ba318f19-8255-46ad-9dc9-eb5ea5b18871} 1656 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1656.6.2031792019\970156751" -childID 6 -isForBrowser -prefsHandle 4080 -prefMapHandle 4084 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {28c04b20-b6d7-472c-b322-71c1528978c2} 1656 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1656.7.1683907700\1309828088" -childID 7 -isForBrowser -prefsHandle 4344 -prefMapHandle 3912 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\browser" - {be25b3b3-f650-4aa7-af6f-70af25d98b14} 1656 tab

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\_MEI14162\python38.dll


C:\Users\Admin\AppData\Local\Temp\_MEI14162\VCRUNTIME140.dll


C:\Users\Admin\AppData\Local\Temp\_MEI14162\base_library.zip


C:\Users\Admin\AppData\Local\Temp\_MEI14162\_ctypes.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI14162\libffi-7.dll


C:\Users\Admin\AppData\Local\Temp\_MEI14162\_bz2.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI14162\_lzma.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI14162\mozglue.dll


C:\Users\Admin\AppData\Local\Temp\_MEI14162\_socket.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI14162\libcrypto-1_1.dll


C:\Users\Admin\AppData\Local\Temp\_MEI14162\select.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI14162\_ssl.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI14162\libssl-1_1.dll


C:\Users\Admin\AppData\Local\Temp\_MEI14162\_queue.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI14162\_hashlib.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI14162\unicodedata.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI14162\top-1m.csv


C:\Users\Admin\AppData\Local\Temp\_MEI14162\pyexpat.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI14162\nss3.dll


C:\Users\Admin\AppData\Local\Temp\_MEI14162\mozavutil.dll


C:\Users\Admin\AppData\Local\Temp\_MEI14162\lgpllibs.dll


C:\Users\Admin\AppData\Local\Temp\_MEI14162\geckodriver.exe


C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json


C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Tor\tor.exe


C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json


C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2


C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2


C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json


C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4


C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js


C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json


C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json


C:\Users\Admin\AppData\Local\Temp\tmphbk9_84n\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi


C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json


C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin


C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json


C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini


C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4


C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite


C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus


C:\Users\Admin\AppData\Local\Temp\_MEI14162\Tor Browser\Browser\firefox.exe


memory/1936-494-0x00007FF8500B0000-0x00007FF8500B1000-memory.dmp

memory/1936-493-0x00007FF8507B0000-0x00007FF8507B1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaD1k2m\prefs.js


C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaD1k2m\extensions.json


C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new


memory/1912-573-0x000001FB629F0000-0x000001FB62A00000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaD1k2m\prefs-1.js


memory/1912-614-0x000001FB58AE0000-0x000001FB58C50000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaD1k2m\prefs-1.js


C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre\sessionCheckpoints.json


C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre\sessionCheckpoints.json


C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre\extension-preferences.json


memory/3944-878-0x000001A2B9490000-0x000001A2B94A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre\prefs.js


C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre\startupCache\webext.sc.lz4


C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre\prefs.js


C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre\broadcast-listeners.json


C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre\prefs-1.js

MD5 c29c130bc9e3d7d5a93208c4e6fe31c2
SHA1 d91e1e09733c649d19670568ee41edaba06130f8
SHA256 072de2c33efabcff17d627e20f4f543c852e4d62f3b7c56c4bc69ea9172b8bad
SHA512 840301eff7245ceeb63aa1cb82b068a0afb79bfbb48fe0851a7632929640484ab6943b84192a2021d6709c4d021360d4c31a67b3200abac667dca4b730d24687

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewllvre\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepmmIPb\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

memory/4060-1202-0x000001B3921F0000-0x000001B392200000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepmmIPb\prefs.js

MD5 61c87d5fd8090fc89c42287d7ed4a254
SHA1 27b3968be027e61077444ee1173fc750a9b52cce
SHA256 1f4611657a6b9a54955d8a6a59bde7b77380a6a7a361d19c00816102929d7caa
SHA512 aa08eebe8ed6965bee239cbcf2c8eccbd5b594f222c8ef774b973f4b8246464980297d80055e2ab8b48e50d0b16d7fbfde2d7d27a8e575e02215bd959239f81e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepmmIPb\prefs.js

MD5 781c71d153770fce737e384e59301f7c
SHA1 8b8ef39b84c47ec89242977d5ed2f3390d24c182
SHA256 7cae70ac33d8631d3176ac03e132746370b4b96fc5ef5ece1e18d3fb3fc45457
SHA512 5c4836244f3d8acf01e43ef8d3cd285735709b5c4d42cda8257830a1f6ac8a90a659420038bcf06d114d69e849e25d2ed4713305d0fad09b61bf549093c5c8a3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepmmIPb\prefs-1.js

MD5 44a46dac2bbb8812319664b192f86b68
SHA1 fb67eb9cf424e6fccb541e543d738de9a9186a35
SHA256 7ff3860170c92214aadf39dfc4714e8cb78743ce7a475b04a5972c13961bfb0a
SHA512 c9508d0fec4cc577bf7b2373b3d542ef185e011c97e1c313ee983107754bd5d94fc684bb85734b4e325e73cefc351d302ac4a8673df4064aba80ddd14c8b878b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepmmIPb\prefs-1.js

MD5 0bb528e1913b9fc67588a7949dad0966
SHA1 fb0ae6fd4bbc1de93ca758cdb8a5e0a71534c409
SHA256 c0fb37a62c21da3c8bf9e2083fe68198dfef74daa4ae45a9141a2d6febd7df97
SHA512 e383dc00851fb89e40e9c749ab15c0b6ce41dccbc1b4be9ff12466d86f5d29ce0dd2247cf2398591198885654e4eadf9d9d2ae4b5ffa34b78791cff73df88df1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLrB5C6\prefs.js

MD5 cfd81452248fd3c901e5fc243a4edb28
SHA1 843bc8dfef8829b5bab5341980da6217388d6a62
SHA256 7876ad5ed94281f82057da7df29e74318cfea169d0fe8b4748e719ee0508e8dd
SHA512 3ce926bb78dbe089a6a7134832a6d7b8105ecd2f9a35676a3d05c855939e9127b05f8387808427338e3ec73d60218e6fe091cf9710ec68d526eaecec8069d433

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLrB5C6\prefs-1.js

MD5 43d53ccaec32b7a98c8e5e4589bdfb8f
SHA1 a3b061ba92bddfedf8dbe23c9fcb13561f40daef
SHA256 fb9acaf68665026db12e7fcab1805202499ac7a1b86015ab8e0ed777779f2aad
SHA512 5046f490eaf9a56ed1bbad639ba2815edcdee7058b64f4381cdfb4a1606c50540115bc0e1450e8eb749650ac0560f9ed106984692d7ddfd6fb693f727411989a

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 00:47

Reported

2024-05-09 00:58

Platform

win10v2004-20240426-en

Max time kernel

276s

Max time network

304s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI45682\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4568 wrote to memory of 4364 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 4364 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 4364 wrote to memory of 3136 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1536 wrote to memory of 2176 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4364 wrote to memory of 1204 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI45682\geckodriver.exe
PID 1204 wrote to memory of 4108 N/A C:\Users\Admin\AppData\Local\Temp\_MEI45682\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
PID 4108 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe
PID 396 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI45682\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI45682\geckodriver.exe --port 51441 --websocket-port 51442

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 51442 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGuzmtp

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 51442 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGuzmtp

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="396.0.1360793342\245605948" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {f8a50169-5505-4c73-bf91-c3f60e71c2c0} 396 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="396.1.200396377\1086512177" -childID 1 -isForBrowser -prefsHandle 2840 -prefMapHandle 2836 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {bd154123-f057-4d24-a046-19322b425718} 396 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="396.2.895771234\67297448" -childID 2 -isForBrowser -prefsHandle 3200 -prefMapHandle 3196 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {419ea5ee-6b01-4a58-87f0-10de585998ef} 396 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="396.3.1298843043\1920157286" -childID 3 -isForBrowser -prefsHandle 3600 -prefMapHandle 3596 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {57a2ada4-56a1-46ff-a954-6abf9f207658} 396 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="396.4.1567967952\788471835" -childID 4 -isForBrowser -prefsHandle 4004 -prefMapHandle 3972 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {6b361af7-1035-4944-a21a-39660f7aa744} 396 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="396.5.1551165886\848395780" -childID 5 -isForBrowser -prefsHandle 4260 -prefMapHandle 4264 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {c726a058-d618-42eb-95c7-dcbca4d1dac7} 396 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="396.6.2115421974\428953379" -childID 6 -isForBrowser -prefsHandle 4324 -prefMapHandle 4328 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {3e3b1766-4757-4bb3-93d0-9c8b1ab92afe} 396 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45682\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI45682\geckodriver.exe --port 51441 --websocket-port 51442

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 51442 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 51442 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1824.0.1694726555\743480751" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {c8996bfb-4759-4dab-875f-59cd29481956} 1824 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1824.1.1198350206\1809521959" -childID 1 -isForBrowser -prefsHandle 2556 -prefMapHandle 2376 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {b54941ec-ccb3-4310-a111-2f603daa91b7} 1824 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1824.2.258244691\775057296" -childID 2 -isForBrowser -prefsHandle 3200 -prefMapHandle 3196 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {1bd1b85e-e5af-4bf5-9984-167771329f05} 1824 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1824.3.1003952341\229624860" -childID 3 -isForBrowser -prefsHandle 3236 -prefMapHandle 3240 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {45fe77f3-b120-4d86-914d-04aeb4ae0392} 1824 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1824.4.15298648\1840827261" -childID 4 -isForBrowser -prefsHandle 3884 -prefMapHandle 3864 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {8fba39c2-cc01-4d42-a760-28772a4760cf} 1824 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1824.5.1172395708\1475423206" -childID 5 -isForBrowser -prefsHandle 4032 -prefMapHandle 4036 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {f3d142e3-1145-4034-8b6b-5744e6898124} 1824 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1824.6.1281761657\1609146555" -childID 6 -isForBrowser -prefsHandle 4212 -prefMapHandle 4216 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {0a2b8196-e762-4a32-b05a-072a37babafa} 1824 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1824.7.882198966\710943165" -childID 7 -isForBrowser -prefsHandle 4032 -prefMapHandle 4196 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {f724b5ce-81d2-4a16-9122-963d6e184a1b} 1824 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45682\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI45682\geckodriver.exe --port 51441 --websocket-port 51442

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 51442 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIi2ejx

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 51442 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIi2ejx

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1252.0.745493065\1642446620" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {c07f2c16-04be-4e12-8065-040a2f15eeea} 1252 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1252.1.2043884980\923261766" -childID 1 -isForBrowser -prefsHandle 2608 -prefMapHandle 2688 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {5b458ee5-bcfc-4832-994b-0a4009f27e63} 1252 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1252.2.828319675\1358993248" -childID 2 -isForBrowser -prefsHandle 3220 -prefMapHandle 3216 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {b851f6de-a137-44f8-aa2e-f3a12ae2d4fb} 1252 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1252.3.1497958307\996280801" -childID 3 -isForBrowser -prefsHandle 3324 -prefMapHandle 3308 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {cb8ad784-332c-46af-ad18-02f44ffce582} 1252 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1252.4.1736369041\712044055" -childID 4 -isForBrowser -prefsHandle 4020 -prefMapHandle 4016 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {3b86ca6e-3cb9-434e-b666-756fb7880e9c} 1252 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1252.5.1243823261\1098644177" -childID 5 -isForBrowser -prefsHandle 4052 -prefMapHandle 4180 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {76dda959-8246-4e57-bd4b-02ab257bbb9c} 1252 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1252.6.238027538\835599881" -childID 6 -isForBrowser -prefsHandle 4236 -prefMapHandle 4244 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {fb0ad2c0-0c08-49c8-ba76-c7f6cf5d92db} 1252 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1252.7.1877637045\1281682184" -childID 7 -isForBrowser -prefsHandle 4732 -prefMapHandle 4736 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {90ca92c8-a264-4a3c-a9c0-33f36248e8dc} 1252 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe" -contentproc --channel="1252.8.181115202\981382832" -childID 8 -isForBrowser -prefsHandle 8920 -prefMapHandle 8924 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\browser" - {c18fc45b-b026-48ee-9e80-98e08e110a58} 1252 tab

Network


Files

C:\Users\Admin\AppData\Local\Temp\_MEI45682\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI45682\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI45682\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI45682\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI45682\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI45682\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI45682\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI45682\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI45682\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI45682\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI45682\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI45682\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI45682\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI45682\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI45682\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI45682\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmp33hqo03b\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\_MEI45682\nss3.dll

C:\Users\Admin\AppData\Local\Temp\tmp33hqo03b\webdriver-py-profilecopy\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\tmp33hqo03b\webdriver-py-profilecopy\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI45682\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI45682\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI45682\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI45682\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI45682\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI45682\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI45682\python38.dll

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Local\Temp\_MEI45682\Tor Browser\Browser\firefox.exe

memory/3036-491-0x00007FFA6C530000-0x00007FFA6C531000-memory.dmp

memory/3036-490-0x00007FFA6C900000-0x00007FFA6C901000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGuzmtp\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGuzmtp\extensions.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGuzmtp\prefs-1.js

memory/396-572-0x000002A394930000-0x000002A394940000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGuzmtp\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth\sessionCheckpoints.json

memory/1824-857-0x0000013D728E0000-0x0000013D728F0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth\startupCache\webext.sc.lz4

memory/1824-916-0x0000013D670F0000-0x0000013D67260000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth\broadcast-listeners.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4BQLth\xulstore.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIi2ejx\user.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIi2ejx\startupCache\scriptCache-child-new.bin

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIi2ejx\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIi2ejx\sessionCheckpoints.json.tmp
