Malware Analysis Report

2025-06-15 20:35

Sample ID 240509-bjcmfahh8t
Target medium.exe
SHA256 335d7d67678ff4475ee0622beef67a923e4962a034ce7ca97d6b08d9c119a3eb
Tags
evasion trojan pyinstaller
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

335d7d67678ff4475ee0622beef67a923e4962a034ce7ca97d6b08d9c119a3eb

Threat Level: Shows suspicious behavior

The file medium.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

evasion trojan pyinstaller

Executes dropped EXE

Loads dropped DLL

Checks whether UAC is enabled

Detects Pyinstaller

Unsigned PE

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-09 01:12

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-09 01:10

Reported

2024-05-09 01:21

Platform

win10v2004-20240508-en

Max time kernel

298s

Max time network

308s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1020 wrote to memory of 1584 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 1020 wrote to memory of 1584 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 1584 wrote to memory of 3508 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1584 wrote to memory of 3508 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1584 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1584 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 3508 wrote to memory of 4504 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3508 wrote to memory of 4504 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1584 wrote to memory of 4636 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\geckodriver.exe
PID 1584 wrote to memory of 4636 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\geckodriver.exe
PID 4636 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4636 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 2724 wrote to memory of 4136 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 2724 wrote to memory of 4136 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 2724 wrote to memory of 4136 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 2724 wrote to memory of 4136 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 2724 wrote to memory of 4136 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 2724 wrote to memory of 4136 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 2724 wrote to memory of 4136 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 2724 wrote to memory of 4136 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 2724 wrote to memory of 4136 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 2724 wrote to memory of 4136 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 2724 wrote to memory of 4136 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI10202\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI10202\geckodriver.exe --port 55935 --websocket-port 55936

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 55936 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehg86oZ

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 55936 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehg86oZ

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4136.0.87495751\845212609" -parentBuildID 20240416150000 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\browser" - {288377a8-787f-4baf-8591-292d351da0d7} 4136 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4136.1.780086014\1898334587" -childID 1 -isForBrowser -prefsHandle 2888 -prefMapHandle 2884 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\browser" - {6c58e0e2-1b2e-4b65-99c8-ad48b0f6a7c5} 4136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4136.2.1089484032\1992178797" -childID 2 -isForBrowser -prefsHandle 3244 -prefMapHandle 3240 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\browser" - {96cff0b1-f1bb-4b71-b667-d14aada54bd1} 4136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4136.3.285523518\186139366" -childID 3 -isForBrowser -prefsHandle 3220 -prefMapHandle 3376 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\browser" - {36acbe92-fb77-47cd-8035-fcda2526935d} 4136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4136.4.1423223802\873736300" -childID 4 -isForBrowser -prefsHandle 3852 -prefMapHandle 3848 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\browser" - {7be6d04d-8fca-44b2-a353-5adbedc4d788} 4136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4136.5.1982912241\1694989634" -childID 5 -isForBrowser -prefsHandle 4008 -prefMapHandle 4076 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\browser" - {8454c08b-b0b5-4481-987c-ab7e0e87b059} 4136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4136.6.570422510\1424278630" -childID 6 -isForBrowser -prefsHandle 4192 -prefMapHandle 4196 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\browser" - {0c1412c7-cf9f-4310-8707-cfcf5d17d3dd} 4136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4136.7.299744518\795831046" -childID 7 -isForBrowser -prefsHandle 2904 -prefMapHandle 2820 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\browser" - {c61e753c-b20c-439a-9e13-cb002b5a125d} 4136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10202\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI10202\geckodriver.exe --port 55935 --websocket-port 55936

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 55936 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuF92JN

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 55936 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuF92JN

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe" -contentproc --channel="868.0.539503944\447182884" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\browser" - {c336b96e-e637-4cd9-8510-74addbf4fe2c} 868 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe" -contentproc --channel="868.1.828796788\173924037" -childID 1 -isForBrowser -prefsHandle 2320 -prefMapHandle 2452 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\browser" - {4bea17ff-89fe-4822-93a0-a100b461dcda} 868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe" -contentproc --channel="868.2.698625537\246186245" -childID 2 -isForBrowser -prefsHandle 3184 -prefMapHandle 3180 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\browser" - {d5b1e5a8-ad7e-4c68-b0d1-5a902abdccd9} 868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe" -contentproc --channel="868.3.1223489087\1821690111" -childID 3 -isForBrowser -prefsHandle 3320 -prefMapHandle 3516 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\browser" - {a705b776-f31c-4fa9-8906-2781bd72efde} 868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe" -contentproc --channel="868.4.823887709\1635849629" -childID 4 -isForBrowser -prefsHandle 3780 -prefMapHandle 3776 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\browser" - {96cbeb2d-a500-4e32-ab08-a69e119b18fb} 868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe" -contentproc --channel="868.5.402018694\1056630235" -childID 5 -isForBrowser -prefsHandle 3928 -prefMapHandle 3932 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\browser" - {3b71325e-4f50-4166-a359-f1fbca5dd838} 868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe" -contentproc --channel="868.6.1368524323\694739071" -childID 6 -isForBrowser -prefsHandle 4116 -prefMapHandle 4120 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\browser" - {e9da2029-3ca0-4c31-8dae-a33610b6f62d} 868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe" -contentproc --channel="868.7.1877164071\1454748696" -childID 7 -isForBrowser -prefsHandle 4632 -prefMapHandle 4504 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\browser" - {c42d0a37-4341-4cd8-ab8a-216443731a9d} 868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe" -contentproc --channel="868.8.1163735021\1907728527" -childID 8 -isForBrowser -prefsHandle 8668 -prefMapHandle 8700 -prefsLen 25535 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\browser" - {c0a462dd-169d-4189-90c8-2ce6f5dbd8ba} 868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe" -contentproc --channel="868.9.598288428\580154056" -childID 9 -isForBrowser -prefsHandle 3324 -prefMapHandle 2656 -prefsLen 25535 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\browser" - {a70d6e75-a7f4-4d9b-82ad-05743e2ec68f} 868 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 66.85.128.218:443 tcp
US 8.8.8.8:53 218.128.85.66.in-addr.arpa udp
US 199.249.230.74:443 tcp
FR 89.234.157.254:9001 tcp
N/A 127.0.0.1:56039 tcp
N/A 127.0.0.1:56041 tcp
N/A 127.0.0.1:55935 tcp
N/A 127.0.0.1:55935 tcp
GB 89.191.217.1:9001 tcp
FI 85.131.127.185:443 tcp
N/A 127.0.0.1:56146 tcp
US 8.8.8.8:53 254.157.234.89.in-addr.arpa udp
US 8.8.8.8:53 185.127.131.85.in-addr.arpa udp
US 8.8.8.8:53 1.217.191.89.in-addr.arpa udp
N/A 127.0.0.1:56154 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
N/A 127.0.0.1:55935 tcp
N/A 127.0.0.1:55935 tcp
N/A 127.0.0.1:55935 tcp
N/A 127.0.0.1:56536 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:56544 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI10202\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI10202\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI10202\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI10202\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI10202\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI10202\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI10202\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI10202\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI10202\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI10202\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI10202\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI10202\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI10202\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI10202\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmpaspog_ff\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI10202\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI10202\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI10202\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI10202\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI10202\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI10202\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI10202\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI10202\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI10202\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 d262b8dc568b34fa0a37e37335db737a
SHA1 477338dfa2a841eaadcdeadb210ed0e9e419241f
SHA256 b11b2168de48ecb6a5daec15e1d8eebc52fa4597d174d3a55a930466f665b0ed
SHA512 ae2b0b4477d7d61c2ccbc948041e79407a140919da3dae63486e47b30ed9c041519bd3ce3cee62bc3c2ed780650abb8c54002c4197c6611af512f39da8e56f64

memory/4168-492-0x00007FF98B210000-0x00007FF98B211000-memory.dmp

memory/4168-493-0x00007FF98B7A0000-0x00007FF98B7A1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehg86oZ\prefs.js

MD5 2b51b554eba2c1a7e052660fac255970
SHA1 285111e7deb82c09a66cc2eed1a0ab1bd8da9924
SHA256 32f3d01ca9dd5913e9541d40f53dff32b53bb9af0b616e131868a5c101aef584
SHA512 290baa9cdb1508a68d489c1bfa1764a1b6141aa5719e8e755845af03e237e6bf81d5188e50e32ff4e4c8f9583251da8b245b4dd7b6256a3e0877b888d37fd9cb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehg86oZ\extensions.json

MD5 abeb1e4f703debad8209c9c25e9e448f
SHA1 3b3d6c04dab1f27ab4a9b0f0b04b308a60994edb
SHA256 949be53c0f5810781a8c3b03e287e4836fc622bab4b246eba66513a9cd5ad6f3
SHA512 960461dc7c3b3912294fc13fb53225b1ad06c267fd0bb41c90f8661405b4d18764e3e73127542feedd246762f33f655249686d31c90f9fdb2305201e67485bdf

memory/4136-563-0x000001FE8FA70000-0x000001FE8FA80000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehg86oZ\prefs.js

MD5 e13c0a48f6b0a171391dccea5bac5a24
SHA1 2f63297b88688d63b605de6e0d34a3f4d0955eed
SHA256 8d651d44833ce2f688db9af4dc3145e8585c690dec2aeefb484c7d3b5c4e3b20
SHA512 18cbae91ef6115b61c9a8c25b0916302dcc1f894f9a07fb85b4184608968d5151b36f307e54b42c034dbe48f9a12aa2b9f2c64af7e53004fe4b89c4f7871ba82

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 a579ecf2fefa791bd2cde0486bcb32fe
SHA1 2dad52a5db9ee6465d7f36cdb1aa2949f455df26
SHA256 8f8acc581b3c9e1114aa8aa71ac97bf9b89b395e546cb7b076af38b151672b93
SHA512 633f1d511e609a7169100a994526c50633d2d7fa10e92eb5c9187880cfae9c8bfa6324aeac0bd0b5066ba411ee1b5ac7395fea56180b09b8508bf3a025a89481

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehg86oZ\prefs.js

MD5 10099be22b72e87fb46e2fd8710524fc
SHA1 5789e3c0cc02b366f1160d6244ae8ea833b20831
SHA256 1be5ef6436770b321aacf6c0b447b3bfe585a4a5afb69b2a24f6aa62ca682f87
SHA512 f570a8a873b68b79572ba610ff23e5cfec2da1da75ca37f030ea33d72da6a41e41d4ed80f05f4a2c3f29345395743e627c6c2e36c792b6ccdd8b6c30ca289e1e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehg86oZ\prefs-1.js

MD5 0a2d292dc2616965aed91caeddc8b791
SHA1 9455bc17d77061e2d6f2a5498531187761ba94b9
SHA256 884658675e7b07e6b48ce6b0b4f6a12b00f3f074611d8e9c51a56dd370ba90e5
SHA512 285d1a3d09672b2debcda2da7fc5315a5af00ed0ee334b79e4bf5223f982683aa379e6452f523db4f3ba44755f228e98e308c851e202a5aaa93cea06a1ae58f2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuF92JN\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuF92JN\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/868-907-0x0000020498DD0000-0x0000020498DE0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuF92JN\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuF92JN\startupCache\webext.sc.lz4

MD5 1b799cc5b6cf681cfa54d37c8ce8cb06
SHA1 2f0fae44eb2fe74542df923e37f0c7e23a74fd17
SHA256 ce654b3257aec215ee980682aa6a48628dac50252a09301efe8686ff3f406a03
SHA512 10263e878623c9375095f150a83e5fe42fb5feccea139e107d37b2337f0c68c4f8a47952247d7e8517876a12dcd696202b8ecdf115577c0e416a489a280451d3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuF92JN\prefs.js

MD5 0e349b1b36de71ffdaf5cfcd1be82652
SHA1 ac3023456c7467963577806e2fd5632553f6bb2e
SHA256 8b4ff3e9e04ba7acd758f5d2b76f7a5174b0aa3bddc8556ac2eed865f433e9e9
SHA512 6541b746edd1e2a977153bc75696e53ebc6d37a13ab69066a60e7bbad971bde47f2384b90bf14e92f3b270956acd798db83de662668e9b70002041a3076f92d8

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuF92JN\prefs-1.js

MD5 2b8429986c9336fe7b47f4650868207b
SHA1 90888555c9d034646c5d71a5f828622e9a51369b
SHA256 5503b0db920309dbb35a8aa9e9e15795f0994e7b406878200c40ade8485da975
SHA512 133e98d1860377494a69d11f4cb8bd1bc25e759bcab8641693de8d2a9a5deb4310f2e0def233a88ceec7445a25e4fe05b21664362ff7e6c5abb010e5d7f7cef2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuF92JN\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuF92JN\prefs-1.js

MD5 cbe77ac4408194828f99795a98c70b94
SHA1 b408981301ffad59994a2cb7a29ed81909f47333
SHA256 49587e0ce27ed5faa339a0ce7959276dc5f5b154a9c5a0b21baee20ae183235f
SHA512 b452c83e0c5f3a34c1eb87d550da1bf6c7fc1e6d1dfe46639bada106b63d0e62ede0a522ccb9750a92f99840641285f85070d43acc30d5a4907bfd89e0b686a8

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-09 01:10

Reported

2024-05-09 01:21

Platform

win11-20240426-en

Max time kernel

300s

Max time network

310s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2464 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 2464 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 1548 wrote to memory of 4736 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 4736 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1548 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 4736 wrote to memory of 1464 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4736 wrote to memory of 1464 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1548 wrote to memory of 3472 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\geckodriver.exe
PID 1548 wrote to memory of 3472 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\geckodriver.exe
PID 3472 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 3472 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2128 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2128 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2128 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2128 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2128 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2128 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2128 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2128 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2128 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2128 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2128 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe
PID 2368 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI24642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI24642\geckodriver.exe --port 50016 --websocket-port 50017

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50017 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIZLDDr

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50017 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIZLDDr

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2368.0.2138365012\868800525" -parentBuildID 20240416150000 -prefsHandle 1708 -prefMapHandle 1688 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {0968062d-5441-4edc-a956-1338f0403804} 2368 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2368.1.1475893824\311722" -childID 1 -isForBrowser -prefsHandle 2492 -prefMapHandle 2692 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {b2d62a23-a2fb-4995-bdf2-70ab991b0c0d} 2368 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2368.2.1337734014\922325391" -childID 2 -isForBrowser -prefsHandle 3092 -prefMapHandle 3088 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {87cc29b2-7d77-457e-be04-19a7405ee313} 2368 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2368.3.989468105\1352670398" -childID 3 -isForBrowser -prefsHandle 3432 -prefMapHandle 3220 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {2077c136-2c4b-4e78-a6f4-4d73bd43e8da} 2368 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2368.4.1135609207\1683608506" -childID 4 -isForBrowser -prefsHandle 3792 -prefMapHandle 3788 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {9411bc71-f803-4f60-bcbd-4ae703cd2605} 2368 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2368.5.718381228\308377569" -childID 5 -isForBrowser -prefsHandle 3948 -prefMapHandle 3952 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {a7b8acfc-1d36-4c55-bba6-22938b864413} 2368 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2368.6.757723224\1524683767" -childID 6 -isForBrowser -prefsHandle 4136 -prefMapHandle 4140 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {317e979b-6aac-4e58-ac24-6cb5b8e8a259} 2368 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2368.7.1857770326\250321091" -childID 7 -isForBrowser -prefsHandle 4312 -prefMapHandle 3616 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {a62cae4f-8d5b-4481-81fa-4e303a915114} 2368 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2368.8.1331366721\1389646978" -childID 8 -isForBrowser -prefsHandle 4712 -prefMapHandle 4716 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {5cb6da67-71b3-46d1-99e7-11f978f990c5} 2368 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2368.9.1108590767\1619380155" -childID 9 -isForBrowser -prefsHandle 4672 -prefMapHandle 3256 -prefsLen 25535 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {778eefcd-816d-4f6c-b39a-5091d9e3eb5b} 2368 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2368.10.153272468\1577980375" -childID 10 -isForBrowser -prefsHandle 4904 -prefMapHandle 4816 -prefsLen 25535 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {96713ac0-cce7-4218-a73f-b4440a2978e6} 2368 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI24642\geckodriver.exe --port 50016 --websocket-port 50017

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50017 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilel6fsEf

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50017 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilel6fsEf

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1680.0.945807700\1780727502" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1680 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {d1bf8958-f945-4035-b6ef-f6ef506d10fe} 1680 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1680.1.472860489\127206640" -childID 1 -isForBrowser -prefsHandle 2584 -prefMapHandle 1440 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {097337a1-f40b-40b3-997c-9f0aabf03fb3} 1680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1680.2.1836428607\233595544" -childID 2 -isForBrowser -prefsHandle 3136 -prefMapHandle 3140 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {e4a2f69a-cd15-4563-a088-208e1c627358} 1680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1680.3.1524527529\346775683" -childID 3 -isForBrowser -prefsHandle 3504 -prefMapHandle 3472 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {f44e6502-dc57-4860-9b6a-eeeeaa41afbd} 1680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1680.4.398753102\1799656406" -childID 4 -isForBrowser -prefsHandle 3784 -prefMapHandle 3780 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {a25b254b-4189-4775-99e0-f06b9e00d69c} 1680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1680.5.1136998633\559033091" -childID 5 -isForBrowser -prefsHandle 3944 -prefMapHandle 3948 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {ea2f9a7b-34bc-4b15-8b84-c75a5df5d9ea} 1680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1680.6.1039585596\831887662" -childID 6 -isForBrowser -prefsHandle 4128 -prefMapHandle 4132 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {eafb1b58-b211-4f6d-8933-d288a143d42e} 1680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1680.7.596364410\1450341747" -childID 7 -isForBrowser -prefsHandle 4432 -prefMapHandle 3084 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {5a6b97ce-4cd4-4afb-8f3b-38fc0d6b0b23} 1680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI24642\geckodriver.exe --port 50016 --websocket-port 50017

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50017 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9HDA1d

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50017 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9HDA1d

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3028.0.1712406185\688609064" -parentBuildID 20240416150000 -prefsHandle 1716 -prefMapHandle 1696 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {f40cf8c3-bfb8-4ea7-b706-b4a617128644} 3028 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3028.1.1216724699\1489551882" -childID 1 -isForBrowser -prefsHandle 888 -prefMapHandle 1272 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {384319ca-fc04-4663-b4b2-5e9208bf4797} 3028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3028.2.1069094300\192526175" -childID 2 -isForBrowser -prefsHandle 3064 -prefMapHandle 3060 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {d20bcb13-f537-4fe9-a165-2c65c32ded90} 3028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3028.3.18622873\1049178310" -childID 3 -isForBrowser -prefsHandle 3736 -prefMapHandle 3732 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {779ba9fe-babc-4788-ab07-16e08bc1f568} 3028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3028.4.488830544\199218799" -childID 4 -isForBrowser -prefsHandle 1784 -prefMapHandle 3544 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {bd58f9c4-7ed9-4f9b-9aa9-b4d8a75723a2} 3028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3028.5.1427154558\742757972" -childID 5 -isForBrowser -prefsHandle 3988 -prefMapHandle 3984 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {c2af5122-2836-478c-96a3-386c4964d59e} 3028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3028.6.2015162282\1408516541" -childID 6 -isForBrowser -prefsHandle 3880 -prefMapHandle 3508 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\browser" - {0f0357a8-9040-4011-89f8-388d5052f8b1} 3028 tab

Network

Country Destination Domain Proto
PL 45.80.158.205:9100 tcp
US 8.8.8.8:53 205.158.80.45.in-addr.arpa udp
AT 89.58.17.228:46856 tcp
US 8.8.8.8:53 228.17.58.89.in-addr.arpa udp
US 15.204.227.208:9200 tcp
ES 81.44.81.34:34500 tcp
N/A 127.0.0.1:50119 tcp
N/A 127.0.0.1:50121 tcp
N/A 127.0.0.1:50016 tcp
N/A 127.0.0.1:50016 tcp
N/A 127.0.0.1:50215 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50223 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
DE 89.44.198.196:443 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
IE 52.111.236.23:443 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50016 tcp
N/A 127.0.0.1:50016 tcp
N/A 127.0.0.1:50016 tcp
N/A 127.0.0.1:50846 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50854 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50016 tcp
N/A 127.0.0.1:50016 tcp
N/A 127.0.0.1:50016 tcp
N/A 127.0.0.1:51197 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51205 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI24642\python38.dll

MD5 305f8ecac261934543c5215f16e6afdd
SHA1 3920f757f7d3d2c2cd97ce5adcecbcf218873984
SHA256 0b75e5e7d45c7d19d5a280e5c3cd296e2601cf378c37174df257e915d4ee244d
SHA512 9e64641cd7440ee3b3e07ac6aa536a22f9b0bc3684c26ce48462d1f180f0afa692a7f4608174199d91f9dd5665ef49ffafdd1d12d6605f4a896089262d31ef56

C:\Users\Admin\AppData\Local\Temp\_MEI24642\python38.dll

MD5 f1fa4f50403f2c5c1ee8b474657e239b
SHA1 e5de5c99fad23fb6a2dbbe20252aac4fec71c88d
SHA256 f08ced51aac81b4704794b1d6d14eb71a70fdc60e1241d96926e6933967da7c3
SHA512 8536cce123dea2b2eb9356a25b289e4ef3ceb6539cec03e615d1d8b3ced1961f38af7fb335ee07f74d87747dbd6e927833412cc5566589bb58a31021efc8019d

C:\Users\Admin\AppData\Local\Temp\_MEI24642\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI24642\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI24642\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI24642\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI24642\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI24642\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI24642\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI24642\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI24642\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI24642\top-1m.csv

MD5 6eeda31aac8ee2759ae54dd89cb294ac
SHA1 880d0d31693aabb324c22afc5a018239c98b3dfd
SHA256 e77adec293a226be1c263ad72f2e6abc657a53c5b9812fd4435accd5207284a1
SHA512 1a70e46b50f7e41a119e555f03796a8aa254ba801d91e42276d8bf15a90816202a21bc9d37049ada77b01f1ea856df10994d324497adfa80434788ea366b3281

C:\Users\Admin\AppData\Local\Temp\_MEI24642\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI24642\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI24642\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI24642\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI24642\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 dff7c11471a2f55c9dcdbffacbdd24e6
SHA1 a86bf99113b0118aaeca6ff79a53d2b1a68b85a8
SHA256 88a08a38f16810abfce451d234a6e02bf61a808bce1a897b6dbc399d0e1a90f5
SHA512 f56698f649e4b688dcc2bd4b4f573bcf5ef4a5464290f82766e5bfe35c9f85ca2d619f6800b86356c31b9d4875d8e46909a07166593da8cca5f612069d836b48

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 c2bbf83056f1563ba6f1ffef35824532
SHA1 ee3fe13b20e7948b59bc6d8668369cb79d76af8c
SHA256 7c5b3ad6c8cc78caa41849987d59924b17ad5cf5de6486f6061c807a7c7268ae
SHA512 88675fac0932c3d69c73d24bcb1fc10d4c1d7a850a28b7b2994e9a16bc28a31017ffb5306a083f9db0a9eb9293813b9fc69adb763ee51c26b68e3f4b3dd97080

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmplo7cztv0\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI24642\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI24642\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI24642\libcrypto-1_1.dll

MD5 78f7f01391d3b2e4449b299512a2506d
SHA1 a282b3b8b05d886a3a936550c4ef81c519f875ba
SHA256 657dcbfe240b176f6306055c4631ed9c1567b08fdbef44bf739ac2d3a3afa392
SHA512 12ed0f3a92248fa3621eaa7d9c103c11fe1efb13465a6fbb5579e6774ecdd8dff9852e16c5463fb7e5d2d439307291481620a104e772738e23a44281b49e1ddb

C:\Users\Admin\AppData\Local\Temp\_MEI24642\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI24642\geckodriver.exe

MD5 644e41a4c9066b625e72a8db737de2a7
SHA1 197fde91c657018f144e448c4d8b15560a16cd8e
SHA256 1553d817bf4961cefce8d9ff21c78a84e7c058e398f1dc5eb79ba107cbe7b63e
SHA512 ccc5acc068352adf39abfaa8e5eee140bd5fa54d75d9109d5e8962ed2771adfef6887cf7ea267ed58dbc4be0d0c661af7f6515c92dd1bd1813a3c2409e2946a1

C:\Users\Admin\AppData\Local\Temp\_MEI24642\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI24642\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI24642\geckodriver.exe

MD5 0c5db0eb17c8d3d150f83fe1f6f1cdac
SHA1 c4ec34bd1ddfa10b7f9573bd8b78e2156df072a9
SHA256 12fc60109b5babb7220ae9b1ba044c03362c14571ddbc0cdbf862b9cf099b716
SHA512 5a7312adc507ac1c59ae543d06a943f01214b7e417e9f992beea3a3b782480c8806e42afa96e8eb66ce394a2b6b47052260ed0b509d08e7db0a64f493e85aee7

C:\Users\Admin\AppData\Local\Temp\tmplo7cztv0\webdriver-py-profilecopy\favicons.sqlite

MD5 cef7e290b89aea3372d2ca019c5ed6a1
SHA1 2def39d23c90ec7099b0ae7fe160b82505dac63b
SHA256 f2c482fe41b468e670ca6b93c3be99e805a8f65ddfa5b24a47266876b6ddfc2a
SHA512 c905b7ce4e3e9c67d8453d225f5f54e224ce151816723f8f44cd3ddd0ce3d9d69e024d00a37d8cb33817f381273e478097eb68121794b7c67666b13da5c60018

C:\Users\Admin\AppData\Local\Temp\_MEI24642\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/1660-483-0x00007FF93E580000-0x00007FF93E581000-memory.dmp

memory/1660-482-0x00007FF93D780000-0x00007FF93D781000-memory.dmp

memory/3696-515-0x000001F315400000-0x000001F315778000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIZLDDr\extensions.json

MD5 eef8cd5ec57b176996e7f485d0180be5
SHA1 f138f9f0ce26ae4bb0cf30b1aaf153efde4ee56f
SHA256 4de6ead905a75163faffdd59b6866de35da195a5575c955ea34446c6c3c64263
SHA512 e37019b266cbf1f4417658ab9fbdb576cffe6ba748cc150f4ca2ea5c9e0792769a52d3b85af3d8eb69715cb5ed3cbcc0f8dfe26bd26268bbf201f7975ce724d7

memory/2368-548-0x000002EBEC7C0000-0x000002EBEC7D0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIZLDDr\prefs.js

MD5 a9f279393b77c2b79e4ec197fa20bf4c
SHA1 2fe0ef39e9270f9f315cfb660eb6839af72315ed
SHA256 31ae53d3536c0811604a4a8666f7000b20e64ea5330495f92eb2b4b9465c70ff
SHA512 ad465341aedcd4b9e79119b370d513306e84f73f129b405ab7a1e1ec669095ce622bdcc175af1ce4b8b625650ba15a5a99b0700695aa4d22e1d6974bec11ff49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIZLDDr\prefs-1.js

MD5 afded56b540a077a68ae9c3d136664df
SHA1 2de0e674f1d6023582eceea1b28113648cc7e96a
SHA256 6488ce21d0dc8a1ebe0deda68f6c7e203e5cdcb7bca0284fc207fbc60e5ffbc2
SHA512 1af98c11a2fd02f0fe1a6c64353bf6ba15c15bc95741d8c1b9d9537527b10a42214f2b11f271ae287131cdd7dc2c075dc3946770ecdae49918351a45d78fe6d1

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

memory/772-615-0x000002A50D100000-0x000002A50D478000-memory.dmp

memory/3768-616-0x0000013816400000-0x0000013816778000-memory.dmp

memory/4536-614-0x000002C6C2D00000-0x000002C6C3078000-memory.dmp

memory/1076-613-0x000002A466100000-0x000002A466478000-memory.dmp

memory/1660-612-0x000001983B940000-0x000001983BCB8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIZLDDr\prefs.js

MD5 188b2ef32b473d2a4cc7087139e2c6f3
SHA1 b97b61e0b58e8ca40ad3723bd6b1f39f4bd956ea
SHA256 e51d6920c5cc85562330f174f081e873f26922d6decbccf985abe300b508cfd4
SHA512 50da652737a75f70bc1842ec5cf046e454d6a7c9d66c20d8549b4790210f26824b088a4f19fd30c18d6c0a8bcabcc059558c59d21d2f81ce6466ff2ac10d6d2d

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 2f0dc8d3d635f31c629a24c432d7c279
SHA1 960fff3460e955334e7d7af57c96def8874b79ce
SHA256 c0d9f35263e804f08ab538747ce0a0d6c678aa845882b35e7e64b1204ff3f343
SHA512 dbf287a4145abaf455d6dac14ea763a03675df3f3680ec92c34d1de7743289cba555c6ab99dd526ca261b5263b1f17c0878bc99aa3a40ec948932927a8e7f508

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilel6fsEf\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilel6fsEf\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilel6fsEf\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilel6fsEf\startupCache\webext.sc.lz4

MD5 b109a177126790434edc479e018ca7e0
SHA1 23bc4e498b62c74c12bb3b22d6d2f459edc43ff5
SHA256 44504a15e5da0f1222e6e650ab1acf4c7db64a8c119a56ebd15a44d6a12758b3
SHA512 c08ce1e0d1bc353f57c46fbe131e6ca1f9226df578c8ea9621872b36f02148ffadf1bd3e513d56978d920b3be1418eb3b71600b56e1d8378dc091e3d50f3b52b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilel6fsEf\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilel6fsEf\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilel6fsEf\prefs-1.js

MD5 ad3e867d58889cfb3c87dcb77ab61cbc
SHA1 71aec49602efcb38d2c9150ae9b7f6c7ed9debc7
SHA256 9f0ce3b6d2afbe61e554f2ef167b7eef7b2c1e4fcdc3e2f921bdbc307b320bce
SHA512 0e387a4db9ba59fd5f5afb351cdd73c36f568327ed42dda96b6a3e74ed095e25fbaffe2dc1ccee17f063e4b0be3cf6a01581d0329552f5acbb84c4a13096f0e2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilel6fsEf\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilel6fsEf\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilel6fsEf\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilel6fsEf\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9HDA1d\user.js

MD5 48295f367c11e39a1d71445a5a030a61
SHA1 5dc71f5c855235945e31848467528cde37b0a8d3
SHA256 ca92aa1a19cc8c936578f3d35050bee6f388029aefb2a56382da85dd6d011f6c
SHA512 fba8eed1f629676bac47701a4d27bb1133d49c7fb4c236ff8fc32376d840172cca09f47cb501b83e31bedc7883598e3ba3058f1265aa348fe6d8634f6cce5eee

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9HDA1d\prefs-1.js

MD5 8c0bd4c7b5c6166dd6e8d739c98f454e
SHA1 d6182d577d923babe66f03ec2ef32bbcf2d0d248
SHA256 f7333e826230fa1b19e87c0ba784d004d2522f39e38e6d609796ccbddbafc04d
SHA512 eddbf5484366c05866af9b9655f9243236c76dbcd2575867750ea8a15715bf9c4fddbc5dcb6c279f94e269558c1f105313aa0018cca40d8e39a89230975200c8

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9HDA1d\prefs.js

MD5 ebd2a450a88b6d1aafe8a702facc7aed
SHA1 f9569bb9a3043d801e207a475d377e6914b3db2a
SHA256 fa0ecb9b74b01356aa304f0e41b1296c1fff80e4b1210913fe571e68fb06238d
SHA512 e640847f502837219c764968daf12a95a8c9699d9ad4bd4ccf670723703e05e22bc9a5bdfa46c314e7c1f61ef273ec855d3ad194276378c1353192678ffe2a9b

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 01:10

Reported

2024-05-09 01:21

Platform

win7-20240221-en

Max time kernel

299s

Max time network

298s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3008 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 3008 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 3008 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 2864 wrote to memory of 344 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 2864 wrote to memory of 344 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 2864 wrote to memory of 344 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 2864 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 2864 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 2864 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 344 wrote to memory of 1132 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 344 wrote to memory of 1132 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 344 wrote to memory of 1132 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2864 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\geckodriver.exe
PID 2864 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\geckodriver.exe
PID 2864 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\geckodriver.exe
PID 2208 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 2208 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 2208 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 2932 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 2932 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 2932 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 2932 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 2932 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 2932 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 2932 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 2932 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 2932 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 2932 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 2932 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 2932 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI30082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30082\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiley9Ph41

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiley9Ph41

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="3024.0.1461272179\816325831" -parentBuildID 20240416150000 -prefsHandle 1204 -prefMapHandle 1196 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {e111e11c-21bb-4e12-8bf1-1dd84a4ddf35} 3024 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="3024.1.832238674\1938512838" -childID 1 -isForBrowser -prefsHandle 1912 -prefMapHandle 928 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {c973fa19-deaa-42b3-a2ac-2060ab87d010} 3024 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="3024.2.2106612458\72917339" -childID 2 -isForBrowser -prefsHandle 2416 -prefMapHandle 2412 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {b4cd84ac-0613-4d93-a051-89349a28bc0e} 3024 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="3024.3.563673508\954421619" -childID 3 -isForBrowser -prefsHandle 2452 -prefMapHandle 2440 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {7879843e-0907-4427-85b4-f9b40a30a9ed} 3024 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="3024.4.782035881\874224252" -childID 4 -isForBrowser -prefsHandle 2840 -prefMapHandle 2836 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {df846b23-1689-4788-b37c-deef7708e1f8} 3024 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="3024.5.778262220\245443936" -childID 5 -isForBrowser -prefsHandle 2960 -prefMapHandle 2964 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {9255be17-7df6-4801-87ab-15a4a490b146} 3024 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="3024.6.1441343717\1630316639" -childID 6 -isForBrowser -prefsHandle 3120 -prefMapHandle 3124 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {e2c8b9cd-9891-4681-abc0-1407ac1ef577} 3024 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30082\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYqhPlT

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYqhPlT

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2940.0.1282133920\2018213303" -parentBuildID 20240416150000 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {cc40638b-b4fa-4b44-a291-6d5f260f3747} 2940 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2940.1.1589485321\859910255" -childID 1 -isForBrowser -prefsHandle 1636 -prefMapHandle 1972 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {a3d6f8d0-74c6-484b-a79d-04cabbb0c4c6} 2940 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2940.2.1628838180\400133035" -childID 2 -isForBrowser -prefsHandle 2296 -prefMapHandle 2200 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {59b26a40-7d57-42b0-9f4d-763fe03051bc} 2940 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2940.3.1525078304\2124648314" -childID 3 -isForBrowser -prefsHandle 2552 -prefMapHandle 2564 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {4a84fef7-ee4c-4e09-88b0-6d140c0fcd28} 2940 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2940.4.88926753\1681711472" -childID 4 -isForBrowser -prefsHandle 1076 -prefMapHandle 1072 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {1881673c-100b-48a3-9c0e-93d01260cc6a} 2940 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2940.5.2053496413\1924046645" -childID 5 -isForBrowser -prefsHandle 2940 -prefMapHandle 2944 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {d5a543ed-47db-4229-9b6e-0e841044115f} 2940 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2940.6.1403815521\1855251945" -childID 6 -isForBrowser -prefsHandle 3100 -prefMapHandle 3104 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {d93923c6-863a-4991-8396-075f01c040bb} 2940 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30082\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7csuTo

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7csuTo

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2304.0.1759315743\1190524561" -parentBuildID 20240416150000 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {e9a890f9-27f7-41b8-9c4d-d63ff8d6d8be} 2304 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2304.1.213939303\1990445631" -childID 1 -isForBrowser -prefsHandle 1820 -prefMapHandle 1932 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {967b8b8f-c1c5-434b-820a-a4a742f43bce} 2304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2304.2.1186736524\1869678857" -childID 2 -isForBrowser -prefsHandle 2296 -prefMapHandle 2008 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {19a71c7d-3d84-4eba-bf41-bd3ab2e6c5b9} 2304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2304.3.1081781646\629436511" -childID 3 -isForBrowser -prefsHandle 2276 -prefMapHandle 2340 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {5dcd27d1-297e-49b0-8236-db1132405a82} 2304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2304.4.1813332451\554775273" -childID 4 -isForBrowser -prefsHandle 2788 -prefMapHandle 2784 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {e3ffc23b-8659-482c-a5e5-6e14ab141ddd} 2304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2304.5.1109410307\1669657792" -childID 5 -isForBrowser -prefsHandle 2908 -prefMapHandle 2912 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {a17c9b38-3cb8-4ab6-b69a-bdba3cc3ee89} 2304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2304.6.1340092068\1167829675" -childID 6 -isForBrowser -prefsHandle 3064 -prefMapHandle 3068 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {a7bdda13-fd1a-47fb-9fdc-861ac5e1f097} 2304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30082\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemmRvtN

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemmRvtN

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1700.0.1656180536\698987783" -parentBuildID 20240416150000 -prefsHandle 1204 -prefMapHandle 1196 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {1aa7b638-67e8-4896-9060-12d67e8a235b} 1700 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1700.1.542232835\2078031436" -childID 1 -isForBrowser -prefsHandle 1940 -prefMapHandle 2176 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {dd8feb9a-f085-4a01-a6ff-7ad0f75d6780} 1700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1700.2.2002010697\1085278419" -childID 2 -isForBrowser -prefsHandle 2400 -prefMapHandle 1204 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {c5cb2bd6-a2f3-4208-9ba2-5e604ee3276b} 1700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1700.3.1053571618\566596275" -childID 3 -isForBrowser -prefsHandle 2420 -prefMapHandle 2292 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {1a0734f3-209c-41af-9b8b-33307b684dd1} 1700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1700.4.1118233829\1761490603" -childID 4 -isForBrowser -prefsHandle 1072 -prefMapHandle 1068 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {f454b88f-4f78-4e6c-b6b5-0d54b52d6435} 1700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1700.5.1488532567\367867781" -childID 5 -isForBrowser -prefsHandle 2952 -prefMapHandle 2956 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {87dcbe41-c369-4877-8b77-5592b644112a} 1700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1700.6.718035793\2077572376" -childID 6 -isForBrowser -prefsHandle 3056 -prefMapHandle 3060 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\browser" - {2ceb7d42-dfaf-4089-bdde-9d556b740580} 1700 tab

Network

Country Destination Domain Proto
N/A 127.0.0.1:49571 tcp
N/A 127.0.0.1:49573 tcp
RO 185.100.87.41:444 tcp
N/A 127.0.0.1:49467 tcp
N/A 127.0.0.1:49467 tcp
NL 45.85.117.38:9001 tcp
FR 163.5.121.253:9400 tcp
FR 163.5.121.253:9400 tcp
N/A 127.0.0.1:49669 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49709 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
US 66.111.2.16:9001 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49467 tcp
N/A 127.0.0.1:49467 tcp
N/A 127.0.0.1:49467 tcp
N/A 127.0.0.1:50152 tcp
N/A 127.0.0.1:50187 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49467 tcp
N/A 127.0.0.1:49467 tcp
N/A 127.0.0.1:49467 tcp
N/A 127.0.0.1:50627 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50662 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49467 tcp
N/A 127.0.0.1:49467 tcp
N/A 127.0.0.1:49467 tcp
N/A 127.0.0.1:51100 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51135 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI30082\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI30082\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI30082\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI30082\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

\Users\Admin\AppData\Local\Temp\_MEI30082\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

\Users\Admin\AppData\Local\Temp\_MEI30082\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

\Users\Admin\AppData\Local\Temp\_MEI30082\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI30082\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

\Users\Admin\AppData\Local\Temp\_MEI30082\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI30082\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI30082\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI30082\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI30082\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI30082\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI30082\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI30082\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI30082\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI30082\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI30082\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI30082\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI30082\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI30082\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI30082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\tmps3w5fxua\webdriver-py-profilecopy\places.sqlite

MD5 f0b7e10b74546e95a2a0c847bc5db3ad
SHA1 530639bdcaabb1eeb1fdb2cd8f632fabdf02f152
SHA256 ceab4458f67acb5265c4d571424ec9614d2328264557a1de1c3891158b643673
SHA512 197b1edc56c82ceaf838350052a4ac59c4a260a347df038da4405a52e57c893869ced0099aaaa69e34df28d23fae7f88ceb8932e3633e2897db62239ec33470c

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 d262b8dc568b34fa0a37e37335db737a
SHA1 477338dfa2a841eaadcdeadb210ed0e9e419241f
SHA256 b11b2168de48ecb6a5daec15e1d8eebc52fa4597d174d3a55a930466f665b0ed
SHA512 ae2b0b4477d7d61c2ccbc948041e79407a140919da3dae63486e47b30ed9c041519bd3ce3cee62bc3c2ed780650abb8c54002c4197c6611af512f39da8e56f64

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiley9Ph41\extensions.json

MD5 2a6a1baf421ebeda65b37782e1ee4860
SHA1 1c7af0f9242ce753b57c6ba831603e4a6c276076
SHA256 53611e807d302750b8366c07372136aaf11648c930e304337a0ab8843088831b
SHA512 944de9440fca51e9a9f5994b53116f9756d1bb9b2330c65708b66d042ba94c906d5abf973be7081345527ee24b209fdea5203bc4459401d064fa49a3ea706de5

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 569947a97c06109a5b9a4bbaabf7edd2
SHA1 457e78b63d3a4119a73b7f3398911a724cb47fc2
SHA256 f5b20e788f83033eb7ac705798252ebede2fa9ddb3c67a4fc0b8d3db898717ab
SHA512 c476265b4e400c78039032b20e8cb560f184dd7fe5e651d54ecf7bcc6f17f72b8a6a60e49e7ff6fd3e4ef62360b34477c889d18c1b7a58f5e10c5caf3e3540c7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiley9Ph41\prefs-1.js

MD5 8a5f2f2584e5b342f70530433f917169
SHA1 17320738282228e18cebc5fa80c8edb49f5d22ab
SHA256 8bb64bcdb085cbde4f37de669844f3a574e6327d87565a37e05c66c060c782a6
SHA512 e85a3939de9db09a234b7ae7ac960d8d0f787aa076150f4e847d8594d8261c7aaea51b6a5a85439701ebde86711bc2c23aa9f41308b6b92d1233451a45eba807

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiley9Ph41\prefs-1.js

MD5 b4a58a1c4910498e0e551dd360ac1f81
SHA1 f5fa62c1f5bc99df6c22bfb5098e912f2fba7e15
SHA256 5323474feeee5d9b73b3b1e67faa74d265e380b2ddc6e759d6734c7c55b57cb5
SHA512 56622f852a00d0f1bd596ec05048f6439802472e974a866aead0fec621895d80350d5a6c35de450bbb6be5c79f2dab19c5d820050fbff38972672597b353f274

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYqhPlT\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYqhPlT\prefs-1.js

MD5 2602ad474e4bab311666e1ff06a95992
SHA1 e061f4c899412b39ae3b0c99f43b5f70d7a0a72f
SHA256 f31797482d8ba2bedb2a0516c36cdffec1badca686e655f6ccc960f59671d025
SHA512 ffaab5993d845dd90d3fe238ef4503424f4bda0ddbb999d823a6bd68d925c5b11905971e3357feaca7ce2042ec079ad05c439c728dc3ccff02c5d855374f9075

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYqhPlT\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/2940-1150-0x0000000003770000-0x0000000003780000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYqhPlT\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYqhPlT\startupCache\webext.sc.lz4

MD5 5d2e8fd588b0eb1255f00b05e8cc85bd
SHA1 4fce352f8fb64bd4acb233b55d9cd11359dfe4a1
SHA256 1cf55d039a655ba42524de2d81ac64a3806dab7de2791330e95bd9fcb8b8a4ee
SHA512 e9c2932081770cd77169dfb40411bcf44fd418f69bccbac57628feec590c5e4516d8fdc0afdae09b5f7f52d960763b48932d0c82ddacbd95e0f83fc8ad73055c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYqhPlT\prefs-1.js

MD5 fede4f070e4c5a1769b33d401892426d
SHA1 9775bc3106e4db380eb4e06a5bcaf873a290b1dc
SHA256 95a1e83a25841b6e1394123d17f38b07c20679af4fb419342bef9d4be3ab5417
SHA512 1fb0e8fbef605d8ad01a8e0910fcc9e3e660694da8edff5695d2a94e88c40d89cbbc22b489ca4bb3ae3f13bfcb1c87edc046e475d29a3a94947fd07f6cba3461

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYqhPlT\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYqhPlT\prefs-1.js

MD5 320861d1423601bb0390e88e7e589837
SHA1 70cd0dcef31ef4d575a90346993791c461809e3c
SHA256 f7ea7e1cc43c7837083adda5b5d1d8b943ef1729de79a5de627bee5d9bf07af8
SHA512 17c98f05a450c79692202a03ed043e6103d00028db2aa9d52c734dbfcb7aae10a487af92412f16158bf8828cc436dc3b6407e12ff6e03895d72ca2a174584e42

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYqhPlT\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYqhPlT\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYqhPlT\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYqhPlT\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYqhPlT\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7csuTo\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

memory/2304-1512-0x00000000081B0000-0x00000000081C0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7csuTo\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

memory/2304-1569-0x000000000B230000-0x000000000B240000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7csuTo\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7csuTo\prefs-1.js

MD5 7e589d128c2399975de04c642e1d346d
SHA1 12e39578d05077ec068bd6d0c2f9cc7be98cb8ee
SHA256 9ebd6c60e0e8a2776ddcaaa17e1499c4337f18aebc5d0270c14a63f36f8fd8a6
SHA512 a33985f93d8424edc8ce5d38643efb70cbb79e5dfab18cac1e6cd77e01e9f2d276ce9371ac2912dcf732b13557aad08972e0c506d1f7d89afd4b720150c87568

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7csuTo\prefs-1.js

MD5 229ebbc41d430acdc60deaa9bf0c5f1c
SHA1 7952b80f6b0efd2ec1daa2b6c1b803af7da0a974
SHA256 5bdcc80c4586638fd7084664c047c326889b6cfa64d1da3b70c7e150aa01315c
SHA512 e4d9dfe0e8dd43c47289f1dcd174838957a298a570e6c6eb039f0420b95ff0917e458c633518484224269103f43fcfc0260c56ca5baa12e3c24d828c7a1b7bd5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7csuTo\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 01:10

Reported

2024-05-09 01:21

Platform

win10-20240404-en

Max time kernel

301s

Max time network

315s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1580 wrote to memory of 4556 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 1580 wrote to memory of 4556 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 4556 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 4556 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 4556 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 4556 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 2140 wrote to memory of 4392 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2140 wrote to memory of 4392 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4556 wrote to memory of 928 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\geckodriver.exe
PID 4556 wrote to memory of 928 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\geckodriver.exe
PID 928 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 928 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 5112 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 5112 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 5112 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 5112 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 5112 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 5112 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 5112 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 5112 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 5112 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 5112 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 5112 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe
PID 1228 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI15802\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI15802\geckodriver.exe --port 50046 --websocket-port 50047

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegZNYGV

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegZNYGV

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1228.0.520854608\1209044074" -parentBuildID 20240416150000 -prefsHandle 1464 -prefMapHandle 1456 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {350945e8-6662-4607-a880-230de9634833} 1228 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1228.1.942952070\747361607" -childID 1 -isForBrowser -prefsHandle 2884 -prefMapHandle 2880 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {f7d539c9-b586-4708-b0f1-44d49a50488f} 1228 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1228.2.1414371368\1343410263" -childID 2 -isForBrowser -prefsHandle 2788 -prefMapHandle 2552 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {193a824d-db77-4bd3-b7ee-932e567d8650} 1228 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1228.3.329580449\334635092" -childID 3 -isForBrowser -prefsHandle 3432 -prefMapHandle 3248 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {4b771bc6-4bbf-468a-a40f-a44cb7fcd342} 1228 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1228.4.1624458778\1599117298" -childID 4 -isForBrowser -prefsHandle 3672 -prefMapHandle 3668 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {07ae5f75-5316-44ee-b745-e3a629ef6e49} 1228 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1228.5.864663864\1071159428" -childID 5 -isForBrowser -prefsHandle 3820 -prefMapHandle 3400 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {d87174dd-8226-4575-90c3-f0a35b6ec5e2} 1228 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1228.6.1321988783\2446182" -childID 6 -isForBrowser -prefsHandle 3864 -prefMapHandle 3868 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {568accb3-50b7-4628-bb7f-cfee73f65476} 1228 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1228.7.732954757\519334223" -childID 7 -isForBrowser -prefsHandle 4368 -prefMapHandle 4404 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {11d4b1f4-73e6-4089-8787-e3cc7cc9f58b} 1228 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1228.8.191942666\233218120" -parentBuildID 20240416150000 -prefsHandle 4228 -prefMapHandle 4224 -prefsLen 27407 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {6e0590c7-a80b-470d-8a4b-77ad497e4e0e} 1228 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1228.9.1641058702\839610332" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 4240 -prefMapHandle 4236 -prefsLen 27407 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {fcc755ea-189b-4eb4-8dc8-ad961ce290b4} 1228 utility

C:\Users\Admin\AppData\Local\Temp\_MEI15802\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI15802\geckodriver.exe --port 50046 --websocket-port 50047

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehkImvz

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehkImvz

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2716.0.1692768599\78684936" -parentBuildID 20240416150000 -prefsHandle 1484 -prefMapHandle 1472 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {306cc1a7-8b8d-47eb-9a48-be2fecdfeb16} 2716 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2716.1.972321515\1091172698" -childID 1 -isForBrowser -prefsHandle 2480 -prefMapHandle 2476 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {6f07bb48-a578-4b14-80a4-5911ce6c0a89} 2716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2716.2.622430657\899299056" -childID 2 -isForBrowser -prefsHandle 2936 -prefMapHandle 2932 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {411aa358-b31c-460b-8497-15047d287d53} 2716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2716.3.1131649246\893280187" -childID 3 -isForBrowser -prefsHandle 3028 -prefMapHandle 3024 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {3f410ad2-aa7d-457e-8aad-a5255a430e8d} 2716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2716.4.912480298\843103536" -childID 4 -isForBrowser -prefsHandle 3608 -prefMapHandle 3604 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {f705373e-e441-4931-b06a-11ca97df0e7b} 2716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2716.5.261348897\1845233773" -childID 5 -isForBrowser -prefsHandle 3696 -prefMapHandle 3692 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {7c5c4021-9147-4601-b06a-54b83167f680} 2716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2716.6.1586752781\1993817160" -childID 6 -isForBrowser -prefsHandle 3800 -prefMapHandle 3804 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {ad8c5202-ed10-45c6-95ac-40da28433a2e} 2716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2716.7.1841623804\1637149573" -childID 7 -isForBrowser -prefsHandle 4360 -prefMapHandle 4172 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {8b9672c0-b86a-44c6-9962-cc5e4d797d02} 2716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2716.8.1405855387\1902576404" -childID 8 -isForBrowser -prefsHandle 4360 -prefMapHandle 8528 -prefsLen 25456 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {3c78d9b5-c1a3-48ea-8f54-530b8be27567} 2716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI15802\geckodriver.exe --port 50046 --websocket-port 50047

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilei8wNt7

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilei8wNt7

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4712.0.23789363\284552455" -parentBuildID 20240416150000 -prefsHandle 1484 -prefMapHandle 1472 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {acdb571f-8c62-48f5-8d5e-d11a40d07c5b} 4712 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4712.1.1342043938\375862829" -childID 1 -isForBrowser -prefsHandle 2472 -prefMapHandle 2468 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {bec0af4a-deaa-492c-a3dc-16ccf26baeb2} 4712 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4712.2.235127830\612268751" -childID 2 -isForBrowser -prefsHandle 2932 -prefMapHandle 2928 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {2b4ec223-4ed8-4ba9-96eb-32130f5b7ae3} 4712 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4712.3.731255977\2025309845" -childID 3 -isForBrowser -prefsHandle 3364 -prefMapHandle 3368 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {0a25724f-7b47-4bb4-9387-7adfdd4ed4d9} 4712 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4712.4.623903038\1423095221" -childID 4 -isForBrowser -prefsHandle 3744 -prefMapHandle 3740 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {f917974b-1cba-40e5-9723-425f6b36dfdb} 4712 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4712.5.68841883\151558830" -childID 5 -isForBrowser -prefsHandle 3768 -prefMapHandle 3532 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {831c9c5f-b8dd-4270-bff9-6003a3f47bae} 4712 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4712.6.1526954141\703023236" -childID 6 -isForBrowser -prefsHandle 4016 -prefMapHandle 4020 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {e8a09cd3-475b-42a3-a4d1-aa3d5e327004} 4712 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4712.7.714247861\2146441155" -childID 7 -isForBrowser -prefsHandle 3932 -prefMapHandle 4352 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {375b6cff-ab3b-4f1c-be51-09f82c74dd49} 4712 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI15802\geckodriver.exe --port 50046 --websocket-port 50047

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6BK8p7

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6BK8p7

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2364.0.1905929760\1109291468" -parentBuildID 20240416150000 -prefsHandle 1476 -prefMapHandle 1468 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {55098268-8fcc-42ea-99ca-fc53bcc8b4c2} 2364 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2364.1.1442994751\326081364" -childID 1 -isForBrowser -prefsHandle 2504 -prefMapHandle 2500 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {d028aa58-fa7c-46d2-bae7-2c14870fc610} 2364 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2364.2.487847163\1200241814" -childID 2 -isForBrowser -prefsHandle 2920 -prefMapHandle 2916 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {0ad10b43-c8ee-4518-99d3-82331092bb47} 2364 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2364.3.2084939208\1329102951" -childID 3 -isForBrowser -prefsHandle 3244 -prefMapHandle 3248 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {9d276d88-2096-498e-a8c5-de8cd4974447} 2364 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2364.4.979120991\1903554193" -childID 4 -isForBrowser -prefsHandle 1348 -prefMapHandle 1372 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {4b4ef3aa-eda3-41b2-bb61-a3d4482f563f} 2364 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2364.5.127990499\1758756016" -childID 5 -isForBrowser -prefsHandle 3836 -prefMapHandle 3840 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {5c0fccd9-971a-4016-b0bf-5754652ead7b} 2364 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2364.6.130108352\2027817742" -childID 6 -isForBrowser -prefsHandle 3944 -prefMapHandle 3952 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\browser" - {6b672a51-f4fe-430f-833a-a5d1b76794ee} 2364 tab

Network

Country Destination Domain Proto
US 135.148.136.227:9001 tcp
US 8.8.8.8:53 227.136.148.135.in-addr.arpa udp
US 147.135.65.26:443 tcp
DE 37.60.243.121:9002 tcp
US 8.8.8.8:53 121.243.60.37.in-addr.arpa udp
US 8.8.8.8:53 26.65.135.147.in-addr.arpa udp
N/A 127.0.0.1:50149 tcp
N/A 127.0.0.1:50151 tcp
N/A 127.0.0.1:50046 tcp
N/A 127.0.0.1:50046 tcp
N/A 127.0.0.1:50244 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50252 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50046 tcp
N/A 127.0.0.1:50046 tcp
N/A 127.0.0.1:50046 tcp
N/A 127.0.0.1:50596 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50604 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 udp
US 20.42.73.30:443 tcp
US 8.8.8.8:53 udp
SE 192.229.221.95:80 tcp
US 8.8.8.8:53 udp
N/A 127.0.0.1:50046 tcp
N/A 127.0.0.1:50046 tcp
N/A 127.0.0.1:50046 tcp
N/A 127.0.0.1:50969 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50977 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50046 tcp
N/A 127.0.0.1:50046 tcp
N/A 127.0.0.1:50046 tcp
N/A 127.0.0.1:51316 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51324 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp

Files

\Users\Admin\AppData\Local\Temp\_MEI15802\python38.dll

MD5 7489da58fba40a197addb6dfd393ea19
SHA1 1d317e55fcd9fe0aff547e641d8e45064a5c80e8
SHA256 def73ecc7fdabce0f6cb89ff2cada1b67c63117d1df470b13f524ab841370f3b
SHA512 eb3ecf61c01693277f707cbef9d122b374fe7649cfb321cd7b7f8c12e9fb53b4516fd8a16709f2912dd5933365ea8ffe8f15cc18c120cd3473d90278c75d140a

\Users\Admin\AppData\Local\Temp\_MEI15802\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

\Users\Admin\AppData\Local\Temp\_MEI15802\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

\Users\Admin\AppData\Local\Temp\_MEI15802\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

\Users\Admin\AppData\Local\Temp\_MEI15802\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

\Users\Admin\AppData\Local\Temp\_MEI15802\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 f3f55cfed1db00a7ca5b252c8da9daa6
SHA1 7d701244151349bee2e580e2b791b1fc47d0f402
SHA256 630c7cb6f3d4fb4710faa84302294565a60a1ba723d331cc3002bf73f8d0431c
SHA512 de13880db5aa19cc11562eed00bbf6109d21f1ab0825c97d10c35ce4044e1eebbf7b9fe47a712546cbf129fd75e33cc1f92656742194f01e8dfe652eda1e6f9b

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 549e54a44c7326c30548c998a1d16424
SHA1 d4375f9ead356aff85d60375b08db168195d5089
SHA256 fb2df7a858dbfacbedb5ce100bc71dff2b1e1991b2d574c1d3d46701ceea5433
SHA512 7325a6d2ed8cf43c4665f2cda3f4f9578de7a87cf70178eff7e927bb8b58f0dceff4b4bf6029593ff64fab052718cf2da8228275580071de2d0fb77fcb4bb897

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

\Users\Admin\AppData\Local\Temp\_MEI15802\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI15802\geckodriver.exe

MD5 ecd8efd4cab1e6f7d84483c09c9ce6b7
SHA1 aafe438def0edbe9176f462d1e4e8c4a1883540c
SHA256 5032f5bb47f24f8e677397e347fdb4a501b0eda42f5d5aa2f5186edadf9838ec
SHA512 eb40225be2070f88465d35b56d5fd2f94ef4a9ead2306ce5c81bb2fa31b1c252e7b8f57befad32130023c5893fd1cb499c387daeb9b760ce2d008691c5359ea9

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 dfa3a4ce64626cc3964d930ba7b9fdcf
SHA1 530ba947eb29f5e795c14025e3daab79b433a86e
SHA256 e4ba330d49ad29b868f5716e4d137f2cc141aabae38f598832b616a596183472
SHA512 1ec099138fbbdc0f01c25ee802467a3b994577a353fa995f4dc45182cca9b5703b98faa46da022af077f7dcb51a466775421e6bcac9d655d395a7f411061e0d3

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmp5sz3iy4o\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

\Users\Admin\AppData\Local\Temp\_MEI15802\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

\Users\Admin\AppData\Local\Temp\_MEI15802\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

\Users\Admin\AppData\Local\Temp\_MEI15802\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\tmp5sz3iy4o\webdriver-py-profilecopy\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\tmp5sz3iy4o\webdriver-py-profilecopy\places.sqlite

MD5 53979ab0bb6af588eafd096e7ddec628
SHA1 6a8efe246b23c243d93d8f020b21cc2d49c81816
SHA256 a0b39a28c4af2db84121332570441aabd2ff293b19e5728424686f0dc87454c7
SHA512 3107d390f3588bdae429d05b7c6a3afc5d037cd7957a1b11a59ce493781a7e140a3df0cb8bd1183e6b762dc7254d0448f36673d448d109440920c8d0c664086c

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

C:\Users\Admin\AppData\Local\Temp\_MEI15802\top-1m.csv

MD5 6d010d7222a064158f722ed32002ee0f
SHA1 ada8022438f9c6ccc7fa03448d5aa229c047d4f6
SHA256 0bb50c31f2d2f058f164286bebc56bf423abedef631824e65439feec42c3e306
SHA512 0be5c258974640f84da720e8c4d3561685740562a39373f282d185b0c88dc2f967f78859e313c8800879b39f0274a1a99ac51ca60414507baea715e0f199fc33

C:\Users\Admin\AppData\Local\Temp\_MEI15802\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI15802\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI15802\mozglue.dll

MD5 9647b3d2d168398c6bc9e9d939596971
SHA1 0d420aefd2ef229a7030b840796b95f2875d848e
SHA256 79f51e2545df5509d036b1565bc65f1183234494ddf4fea1541ea797ac541e1f
SHA512 f9d040bed9518cb0098c18abfa3056e78d0507a8e15898172e9c9cbafb3d1aebf2d4ecd1c20e3b00e746105fc56d4da16d949966d9385586e02c080a52d6b04c

C:\Users\Admin\AppData\Local\Temp\_MEI15802\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI15802\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI15802\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

\Users\Admin\AppData\Local\Temp\_MEI15802\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

\Users\Admin\AppData\Local\Temp\_MEI15802\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

\Users\Admin\AppData\Local\Temp\_MEI15802\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI15802\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

\Users\Admin\AppData\Local\Temp\_MEI15802\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI15802\python38.dll

MD5 305f8ecac261934543c5215f16e6afdd
SHA1 3920f757f7d3d2c2cd97ce5adcecbcf218873984
SHA256 0b75e5e7d45c7d19d5a280e5c3cd296e2601cf378c37174df257e915d4ee244d
SHA512 9e64641cd7440ee3b3e07ac6aa536a22f9b0bc3684c26ce48462d1f180f0afa692a7f4608174199d91f9dd5665ef49ffafdd1d12d6605f4a896089262d31ef56

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 d262b8dc568b34fa0a37e37335db737a
SHA1 477338dfa2a841eaadcdeadb210ed0e9e419241f
SHA256 b11b2168de48ecb6a5daec15e1d8eebc52fa4597d174d3a55a930466f665b0ed
SHA512 ae2b0b4477d7d61c2ccbc948041e79407a140919da3dae63486e47b30ed9c041519bd3ce3cee62bc3c2ed780650abb8c54002c4197c6611af512f39da8e56f64

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegZNYGV\extensions.json

MD5 a247c6ff63f1b5acbc5882d0741a91a5
SHA1 37241e5e25e19d71ddedf50941b45f83e8a88c91
SHA256 b62ca470a910876aef61741a68458cca8c9f74eb13e3edc1efb0ad29991b8c78
SHA512 94ef4faf7382c6a544cfaacee563a59db56673077683a7225e235f476c77a018f80e45fd4ed6a4496c5a247f93068a25209c9175336abb846555e96f1d2bab44

memory/1228-549-0x00000195FB8F0000-0x00000195FB900000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegZNYGV\prefs.js

MD5 83d33623161c250bfbedadc51bf62e83
SHA1 849f10d0f4a89b60e49b543c6202d0bfff8319f3
SHA256 2a84128fdbe8f158e458d7ad22a13400eceb641f3d741dd85eaeb11853dcd19f
SHA512 8878e5fad71e9a513b8565f7da6f07757ae74591337a764924c9394f34e33f4fcd1708e6d6257c168405101bf11cb5ece99f194e665e5daabdd7bf7f43cd866d

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 c7d3e8d0593de723fe48a6030ff99b8d
SHA1 7156a848a6dc3335459b858eac6af964d6d6f46f
SHA256 3f59f4114de59f145da21e15b7e3c6c08dafc1fdc2aaaab68e8d55c0e709feb7
SHA512 e33b84f8970a96ce92498ded40175e5ff4e85099c35cdc6a0dec53e7d150c3b864cebd232ea3b5235d7589bec78e733be0dc2767d73c4c7e29a3875b0990f589

memory/1228-612-0x00000195F9A90000-0x00000195F9AA0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegZNYGV\prefs.js

MD5 152feb6252c481395e4b8683e036581a
SHA1 4ebce8bce101aee237274bfedb2d39f65a7b4f1d
SHA256 101fdfa8507a1ed0aa783a4bf8ab8ef1a72713f595249e922ecfe88492948b9b
SHA512 1490bea2abbc1b5248237b13f80cdec9994658f1157a0b0dba37866a61971e6861587ac8ca31fad933975293975a97a03bd62ee83d47b2db7cba223022de9320

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegZNYGV\prefs-1.js

MD5 07ed4bfe8896ff491faa2350107a46e7
SHA1 72b4679a4ab3a48248119d99a8bab7c0be109146
SHA256 2f2fe39b6704367e7ecd0dd6a8c41c4ca3f1771c7ff679782590c37816d3cf30
SHA512 4c154c8bea35dbbf746cf69bc33ea1f3b0fcdbe51ed6e50ec125f1284eb9461633077a705e566133b8bda665751780fc5caab6db9529b7975e7b893b1f935a79

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehkImvz\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehkImvz\prefs-1.js

MD5 234a09e9c533b9b6c72c5496c8f1fc5d
SHA1 5ec58c947f304e3875419b18f21dd2535fd49918
SHA256 3ee8923b6b8d4c7e87f6d4e5d2cad368cc89af26975a108b16011c4120aefa0e
SHA512 9c62a8c289c21364d73d3f4b1b5ce787c1b22acbd46875b69dfe83aeecaa6fdd65b373d500c6a98f1bdb87833673276c3e0a420e9f60047905958cb5a4b86bf5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehkImvz\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/2716-833-0x000002147ED50000-0x000002147ED60000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehkImvz\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehkImvz\prefs.js

MD5 676469ea3fbca67200a50bcab538851f
SHA1 c69704c2cfd11b6555a43d4b82d0cf87b21f4bfe
SHA256 66754f8800bfa6aab58ba917d72098b0f1d9eab4ebcc8f728069b0f1d47dd029
SHA512 68325d807414dcfa46756df6b61e3f633f04f533f719229da11a0a96ae5474594abd119ffa8f2e4bcdae3bd58cf6ef4d5a3ae474e55b8d95cdbd838110a858eb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehkImvz\startupCache\webext.sc.lz4

MD5 1b799cc5b6cf681cfa54d37c8ce8cb06
SHA1 2f0fae44eb2fe74542df923e37f0c7e23a74fd17
SHA256 ce654b3257aec215ee980682aa6a48628dac50252a09301efe8686ff3f406a03
SHA512 10263e878623c9375095f150a83e5fe42fb5feccea139e107d37b2337f0c68c4f8a47952247d7e8517876a12dcd696202b8ecdf115577c0e416a489a280451d3

memory/2716-904-0x0000021473320000-0x0000021473490000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehkImvz\prefs.js

MD5 581b6638119f3093bed4711e889ef29c
SHA1 14952c11125aef79f63e36fd215442bee36b400c
SHA256 1a259b5c968f4b859ab28e409b76164fbb03a6c4080d2a875657997dde5ecacd
SHA512 5c802413494f57a89592587b4c2b996723d8c6bfc780ba4b86b68c985a081cb723f31484445a69247de29cd425b3493661a81ef410524b4a66c21ec7d06501a1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehkImvz\prefs-1.js

MD5 32a793ab3c72e4e2e2d759f6d3df5332
SHA1 1cc17950f1060d9baf01984db43c42f1129f7e8f
SHA256 7623c1f5f9305c78e35329446b47c226b080c51b469f74bc60e5d2ed192ddf6c
SHA512 bd57fc0eb6c23a3baf667dddfa7d89adb939556e443eaf650f76bd5915a97fdd6fd138225222a12f7780325014aa4632f10c14f36369b024df478c101245e6c3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehkImvz\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehkImvz\prefs-1.js

MD5 c9ef255df65ae4b30373641f449da07f
SHA1 4db77337028ba506285b7756585d048277add4d3
SHA256 eea4de4a366df728903666320e8f51c0fa9171b6b68bef6cd5dd7fb4bcb88cee
SHA512 7cdb99cb5ba43fe52d69cb342936931b73242f72097c9ee4154665b03cd4dcb3a3359aacd62fa32ccaaa9a285f47e3387cbc5a6859e1f7952be6e42ae309ed2c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehkImvz\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehkImvz\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehkImvz\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehkImvz\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilei8wNt7\user.js

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilei8wNt7\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

memory/4712-1149-0x00000276CB660000-0x00000276CB670000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilei8wNt7\datareporting\glean\db\data.safe.tmp

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilei8wNt7\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilei8wNt7\prefs-1.js

MD5 0fffc44188ca312f247ea52c8996bb10
SHA1 4c9e8534f4e905a13dae2517dd3b73153a541fd3
SHA256 8ebea425fb78a11f8c892a24985e9f6be29c35895181e0c3913f8e1c36ae7817
SHA512 cb8810516ff16a9700be25561178899d82c0c8f5163327db25fbe0f432743f7e85f9f5a2e3f962ced62bf2b01c8e66904bfb6ca46c68eed90f676d8b03b0defb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilei8wNt7\prefs-1.js

MD5 671a41399ca8c38755cbe9c8259cda02
SHA1 9add3050d7aca0bcdc3a3011bad0a63aea5d54de
SHA256 3598fc059e29406ef2e66bef17598c6231aca54341557ad18eb11dba800ac580
SHA512 2fcc400016f51fd2935ed64d708bf42eeb20a577f17bc749b0817f5f94ed06e125f882cf4fecd184dd09fffaa70b785468e27438deafd7749d035636cbfaa06b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilei8wNt7\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilei8wNt7\prefs.js

MD5 05559e3c25171c9c125547d94f7cd8b8
SHA1 7c0370186ba4663e8e0a5113ffabbce88f847032
SHA256 38e85b34f59643aca5619b2742de3a1123dd66f213c4bc260f7a0c8fe3590df4
SHA512 0ad29774a335b025ec21a7408d0b202b96048d7de1252be8c2414c72e3d03f1414108aa06de9e00a6be5c7c080fe428be64a8158c0dc2584de9743fe91eedb75

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilei8wNt7\prefs-1.js

MD5 b3c87810dceb0df8b4a9da1751687e51
SHA1 663fd94abfe76408bf55cd688017f9a53318de59
SHA256 9940dfd04d95a77ca67413788d882af8bae4766b185b146a810a244628fef056
SHA512 a27a3c7f980625c40cbb26b16e412126fbbeb5cc06dd05705f0f66a53ab4c35bfa5708347a747ffceee8db502c8f3270a34cf7922b490d742558969a99d627f2

memory/2364-1452-0x0000015BC0E20000-0x0000015BC0E30000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-09 01:10

Reported

2024-05-09 01:21

Platform

win7-20240508-en

Max time kernel

289s

Max time network

309s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1748 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 1748 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 1748 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 1668 wrote to memory of 288 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1668 wrote to memory of 288 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1668 wrote to memory of 288 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1668 wrote to memory of 404 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1668 wrote to memory of 404 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1668 wrote to memory of 404 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 288 wrote to memory of 1076 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 288 wrote to memory of 1076 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 288 wrote to memory of 1076 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1668 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe
PID 1668 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe
PID 1668 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe
PID 2996 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 2996 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 2996 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 2124 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 2124 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 2124 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 2124 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 2124 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 2124 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 2124 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 2124 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 2124 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 2124 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 2124 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 2124 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 992 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe --port 49466 --websocket-port 49467

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegIoF9H

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegIoF9H

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="992.0.653492056\1080011152" -parentBuildID 20240416150000 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {47d1966d-7d0e-4c88-ad3c-60a4edc50db6} 992 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="992.1.915953561\2072133051" -childID 1 -isForBrowser -prefsHandle 1972 -prefMapHandle 1732 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {1e708051-163e-44ef-beef-e9e444df36e4} 992 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="992.2.768608212\1711712222" -childID 2 -isForBrowser -prefsHandle 2120 -prefMapHandle 1948 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {33767bc5-c12f-463f-87bc-3f74ccb0edb8} 992 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="992.3.950729857\1568293237" -childID 3 -isForBrowser -prefsHandle 2312 -prefMapHandle 2296 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {1de7ede8-abcc-4d6f-a256-adc34ff6f3c7} 992 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="992.4.1077466836\1520021138" -childID 4 -isForBrowser -prefsHandle 2368 -prefMapHandle 2348 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {9b64801c-d6b2-45fe-9303-ee35fb126d52} 992 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="992.5.1688147685\481200719" -childID 5 -isForBrowser -prefsHandle 2928 -prefMapHandle 2932 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {67c5f163-2ae4-41f0-a21d-c219aada2f99} 992 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="992.6.1104270573\661382082" -childID 6 -isForBrowser -prefsHandle 3088 -prefMapHandle 3092 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {fde7f160-70ad-4457-86f0-0437373a1d38} 992 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe --port 49466 --websocket-port 49467

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGHAy0

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGHAy0

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1680.0.1163985816\1663053924" -parentBuildID 20240416150000 -prefsHandle 1200 -prefMapHandle 1192 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {c736cc80-25ca-48e0-b30d-a47fba395ac7} 1680 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1680.1.998406702\1564260888" -childID 1 -isForBrowser -prefsHandle 900 -prefMapHandle 1948 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {26a98f29-0628-4cd0-a66a-a790899ad0ce} 1680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1680.2.81627694\131316895" -childID 2 -isForBrowser -prefsHandle 2364 -prefMapHandle 2368 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {774d3f5e-47bb-40bb-a827-596276538ee1} 1680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1680.3.1000459390\242365879" -childID 3 -isForBrowser -prefsHandle 2340 -prefMapHandle 2344 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {184d6b8a-814a-44c6-ae2e-9261badf4667} 1680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1680.4.681629550\846683296" -childID 4 -isForBrowser -prefsHandle 2740 -prefMapHandle 2712 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {ce0cff8e-11b3-4745-b00a-22a99b03187d} 1680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1680.5.1114462188\1103456090" -childID 5 -isForBrowser -prefsHandle 2828 -prefMapHandle 2832 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {59ec6898-3aaa-4d84-b98b-95cc217c3afb} 1680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1680.6.1973594244\1180262885" -childID 6 -isForBrowser -prefsHandle 2984 -prefMapHandle 2988 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {f9d79ef5-b439-4196-99c5-34015d1033e5} 1680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1680.7.1456859995\310052265" -childID 7 -isForBrowser -prefsHandle 3364 -prefMapHandle 3360 -prefsLen 25412 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {6365aa28-2d26-4a89-a315-d8871d9225da} 1680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1680.8.663574824\1487451395" -childID 8 -isForBrowser -prefsHandle 3136 -prefMapHandle 7364 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {a155ac3f-9bb5-4b0f-bacc-7890d9c605ae} 1680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe --port 49466 --websocket-port 49467

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileER7cV1

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileER7cV1

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2772.0.602132166\1520941226" -parentBuildID 20240416150000 -prefsHandle 1224 -prefMapHandle 1216 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {dbd95077-17b2-4b00-9ce5-5abe003fd412} 2772 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2772.1.285457321\1391617068" -childID 1 -isForBrowser -prefsHandle 756 -prefMapHandle 572 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {5ee7a487-8cee-4efc-bcb9-e45a0c1131f4} 2772 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2772.2.780222082\306581439" -childID 2 -isForBrowser -prefsHandle 2416 -prefMapHandle 2412 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {21731c5c-faf7-4dab-9016-38e1dcfc1d2b} 2772 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2772.3.93562823\416472233" -childID 3 -isForBrowser -prefsHandle 2452 -prefMapHandle 2440 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {38f92368-3283-4515-b653-ae2fb3666c98} 2772 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2772.4.1088825128\2014623970" -childID 4 -isForBrowser -prefsHandle 2772 -prefMapHandle 2764 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {25d8058a-16c1-4b59-8766-930a109388b5} 2772 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2772.5.745952997\1397710576" -childID 5 -isForBrowser -prefsHandle 2892 -prefMapHandle 2896 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {83b77e43-e1de-4b52-ae68-811c941aecfc} 2772 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2772.6.1531419372\482556548" -childID 6 -isForBrowser -prefsHandle 2952 -prefMapHandle 2956 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {35778d8e-d066-406f-acc3-7cf9ab14618c} 2772 tab

Network

Country Destination Domain Proto
NL 51.15.150.228:443 tcp
N/A 127.0.0.1:49519 tcp
N/A 127.0.0.1:49523 tcp
N/A 127.0.0.1:49466 tcp
N/A 127.0.0.1:49466 tcp
N/A 127.0.0.1:49663 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49698 tcp
US 51.81.201.207:80 tcp
FI 65.108.74.41:443 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
DE 5.9.251.179:9200 tcp
US 51.81.201.207:80 tcp
N/A 127.0.0.1:9151 tcp
US 51.81.201.207:80 tcp
US 51.81.201.207:80 tcp
N/A 127.0.0.1:49466 tcp
N/A 127.0.0.1:49466 tcp
N/A 127.0.0.1:49466 tcp
N/A 127.0.0.1:50155 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50190 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:49466 tcp
N/A 127.0.0.1:49466 tcp
N/A 127.0.0.1:49466 tcp
N/A 127.0.0.1:50749 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50784 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI17482\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI17482\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI17482\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI17482\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

\Users\Admin\AppData\Local\Temp\_MEI17482\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI17482\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI17482\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI17482\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI17482\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI17482\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI17482\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI17482\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI17482\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI17482\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI17482\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI17482\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI17482\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI17482\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI17482\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI17482\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

\Users\Admin\AppData\Local\Temp\_MEI17482\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegIoF9H\extensions.json

MD5 b7843f9866c9da4627176ce7bb3ecc6a
SHA1 0665aafa5f5f4a67d9432c6b049df8600009d038
SHA256 3d6d0338c1cd0af90a09454638c50574418eb17ba26d0cfd4e0636c9b335a94b
SHA512 e24a12716dec2d3a20e64f788347d2533aa00b72f92c8b6e9a21e93e9305a1fa10090e89efcb6b83a2659aa74a7a24ba5716385c98d164e81d80452ee2afea0b

memory/992-703-0x000000000BD70000-0x000000000BD80000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 d98900adb05cfe1b9d6a68e1871889fd
SHA1 5c3d9f4f30b0f9ed66140aa66d2f36f201577d41
SHA256 ee90551019b1182acc50e8cb793e3796d7606f9974a229f477b35b586554e51a
SHA512 c95496f94e415be258259c4370a2b525baf2cdd3ab1031cd0c2fb383cfde4772e7a36b7e3fd78805677e711a878ec1c894cf81eb19a155bc852fc28cc17da020

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegIoF9H\prefs-1.js

MD5 95f60e26523ca5c0db735ebd12ca80c2
SHA1 217b925c2e95e9b0389afd6752ff87c433f12f9f
SHA256 f52003b6ab10d6de557b73945602547a4a737e96aa6d9780bb9111cef33ee5c9
SHA512 dfad05fa899a87808352bf614d6ba3df3071d8e897692104e196ed5c063402ac81ece2d8d8360ace96e152c049867490857f60718fff3a4db61fe263b47d4f5b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegIoF9H\prefs-1.js

MD5 29784af722fd03d5f18180174e32fe64
SHA1 fd5fd03238ab84296a0af071f80fffda5e432555
SHA256 7b30b568ca2fa045b91289ccd29916817d191d267b9b9a026e439167ccbbe0c4
SHA512 54fe31734604f637d00b7835cec36e2306e1b47a4a53bb0b689adc1a64ba09c23b7daeac402047913e1f14488b38b4cd0f922ba82eab9513dea0d2ed6d048aa5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGHAy0\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGHAy0\prefs-1.js

MD5 8139171d46fc2ff49f619e54b204352d
SHA1 f2f3801267143a497258f290a1ae82f9c016fbbf
SHA256 7eb5d333ba756c0ccda01834568932854623dd484e683ee3866545b26ea1f0ef
SHA512 5b8910b491855533f7c785c5b968111a454fc4cf6de725ba5eada063185817773b2316d3f94510655022c043fc80d1f7a71f0f5ceddac62f258bd089e4abf410

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGHAy0\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/1680-1145-0x000000000AAA0000-0x000000000AAB0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGHAy0\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGHAy0\startupCache\webext.sc.lz4

MD5 3e9862be8fbf422b131d202b0483c000
SHA1 b755cc392ed8ebdb2517f961366a7060fb645ab9
SHA256 cba8cdc03ddf8f0d2f69e9cfe31b25f7bde4a12d19eaff97e640989f20dc030d
SHA512 2473c66191c6e8d38a48643e5ebab9c312dde1808571a8dcfd3f53258abab1c32e91e163b7639ac6da3ce5c76ac37c6fddd3d7dcf1dc90aa9edfc6652f57d350

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGHAy0\prefs-1.js

MD5 3f6900b427e50c5a7bc12e19b54bf17e
SHA1 89c5b0ae4f5d5f0dbd19ce38c6991979213afd60
SHA256 e679b55a78f3f13bdd2a44a33d41e96caee35d6def667343feef2737b3b2a794
SHA512 86e9f0f83f1f665466055802778c98e2f77e7678deeffe47045e572ca537dd2a31ae22c1939917011f9006b50a617a39890f366e42ac77809969f6e34fe1a089

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGHAy0\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGHAy0\prefs-1.js

MD5 222f293ecfa559c056e13cdb9789b9bd
SHA1 8c796d68e5f10064b7c7f59d70eefb7941d5f84b
SHA256 d677be8b42a6c2a9717a26131ba0aa7f179ccbd97fc84ad6528ae954e9fbeda9
SHA512 5ee819f7c1a0e7f25c8042ef9ef2db2b114d93a6751dc6b5d7ad2b4b8315ac5abb9c5078fcb0a1dfbad898967116f94bfb92c6a969709f9bd84ee800bbcd250f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGHAy0\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGHAy0\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGHAy0\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGHAy0\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileER7cV1\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileER7cV1\prefs-1.js

MD5 fd4517c302ed7822fe8685716a0691e2
SHA1 025a91f2940153ef7f9e5c6cda95ba0e9710b89a
SHA256 d7eeaace3ffbf1ff7ac4b60460077334b15ebfc3f27876a798ad6c740f39d5c9
SHA512 4cdbb639d2ccf24c549801e8206093474c0b5bb3fe2b735b815f231332325fec371b10f5001f69d1429fc479ae8873ca39ec090f3c122a8b8b01fe1945997f0b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileER7cV1\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileER7cV1\prefs-1.js

MD5 6a20fc2573c21e130f1ce9e335791504
SHA1 576fd46898f27968ceae8517fc424e901f6cedf5
SHA256 5da0ba3bfd766bcbfd3200d145c0829e954db6d8cf3fb865e00c27756d227362
SHA512 895bee4794c8ec80fb327a5afb00720b617c1acda3a7a356ff9d0f0a851f1d58de2efc72f427bf86bbdde6def53993cc303859619d72973e83e02cf61d7eb296