Malware Analysis Report

2025-06-15 20:35

Sample ID 240509-bje3kahh81
Target medium.exe
SHA256 335d7d67678ff4475ee0622beef67a923e4962a034ce7ca97d6b08d9c119a3eb
Tags
evasion trojan pyinstaller
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

335d7d67678ff4475ee0622beef67a923e4962a034ce7ca97d6b08d9c119a3eb

Threat Level: Shows suspicious behavior

The file medium.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

evasion trojan pyinstaller

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Checks whether UAC is enabled

Enumerates physical storage devices

Unsigned PE

Detects Pyinstaller

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-09 01:12

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-09 01:10

Reported

2024-05-09 01:22

Platform

win10v2004-20240508-en

Max time kernel

300s

Max time network

310s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2108 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 2108 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 1552 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1552 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1552 wrote to memory of 4696 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1552 wrote to memory of 4696 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 4452 wrote to memory of 4352 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4452 wrote to memory of 4352 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1552 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\geckodriver.exe
PID 1552 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\geckodriver.exe
PID 1360 wrote to memory of 64 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1360 wrote to memory of 64 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 64 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 64 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 64 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 64 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 64 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 64 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 64 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 64 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 64 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 64 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 64 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe
PID 1152 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI21082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21082\geckodriver.exe --port 52515 --websocket-port 52516

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 52516 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1MFqIg

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 52516 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1MFqIg

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1152.0.95824172\433713999" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {e51ae920-5a8d-4647-b444-50e88d7e02a7} 1152 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1152.1.706705075\1919831806" -childID 1 -isForBrowser -prefsHandle 2808 -prefMapHandle 2804 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {d5b0cd5d-2d5a-4d3d-951c-86ae95359b98} 1152 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1152.2.1829083303\740538032" -childID 2 -isForBrowser -prefsHandle 3180 -prefMapHandle 3176 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {868b8742-0746-4b9e-8401-652b7cd6756c} 1152 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1152.3.1731376339\893968431" -childID 3 -isForBrowser -prefsHandle 3200 -prefMapHandle 3248 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {2be63e11-488c-492b-b0af-5aaf8a9b09e1} 1152 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1152.4.1087436906\843479235" -childID 4 -isForBrowser -prefsHandle 3752 -prefMapHandle 3748 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {03cc133b-806e-4f93-8018-be6e26810e82} 1152 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1152.5.1119261120\766692236" -childID 5 -isForBrowser -prefsHandle 3988 -prefMapHandle 3984 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {5dc4e470-7762-4c33-8ffe-1e0953036022} 1152 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1152.6.391446677\531607934" -childID 6 -isForBrowser -prefsHandle 3960 -prefMapHandle 3968 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {b1d6a71d-e324-4054-bc4b-9a45afd43bfe} 1152 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1152.7.116505063\17268714" -childID 7 -isForBrowser -prefsHandle 4524 -prefMapHandle 4520 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {ca9528e5-ed40-45f1-8f6c-8f40cfd44ae5} 1152 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21082\geckodriver.exe --port 52515 --websocket-port 52516

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 52516 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilev94Kef

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 52516 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilev94Kef

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4420.0.444862269\1961653082" -parentBuildID 20240416150000 -prefsHandle 1668 -prefMapHandle 1660 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {6b4b24d8-830c-4f91-aef0-c4743853d430} 4420 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4420.1.1470213324\743807847" -childID 1 -isForBrowser -prefsHandle 2644 -prefMapHandle 2640 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {d5655db2-93f7-44d6-9acb-5c1be368fe76} 4420 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4420.2.240602455\107948349" -childID 2 -isForBrowser -prefsHandle 3168 -prefMapHandle 3164 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {b34eb3a4-b9f1-4d9e-acb9-b31abb77b3d2} 4420 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4420.3.1594841308\814423028" -childID 3 -isForBrowser -prefsHandle 3564 -prefMapHandle 3572 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {e5a6af81-7c0d-4656-abc7-c91b5908543f} 4420 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4420.4.1982272011\14753974" -childID 4 -isForBrowser -prefsHandle 3840 -prefMapHandle 3836 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {ed12ba83-089e-4ba9-bcfd-d0c34ffff2c3} 4420 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4420.5.606432345\23931317" -childID 5 -isForBrowser -prefsHandle 4020 -prefMapHandle 4016 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {10aa76a2-3daf-4ee0-a4e3-600d2970b0ee} 4420 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4420.6.2117737805\1559901092" -childID 6 -isForBrowser -prefsHandle 4128 -prefMapHandle 4132 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {38a0b555-642a-4b70-8732-1f5530a328ab} 4420 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21082\geckodriver.exe --port 52515 --websocket-port 52516

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 52516 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileL7d6Wu

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 52516 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileL7d6Wu

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5080.0.577326740\1333992665" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {c48c4d8b-8615-43f0-962b-6a37e8c2dba9} 5080 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5080.1.1282012925\1942380310" -childID 1 -isForBrowser -prefsHandle 2652 -prefMapHandle 2648 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {5dc4c5a4-b159-4464-b08f-d7b51f545dcc} 5080 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5080.2.1454929133\931038086" -childID 2 -isForBrowser -prefsHandle 3184 -prefMapHandle 3180 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {6168b13f-7be9-42ed-b6de-f08c42f972b5} 5080 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5080.3.2018260332\788489116" -childID 3 -isForBrowser -prefsHandle 3296 -prefMapHandle 3284 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {1fbc24ad-71ac-4960-944b-e5bc136d8c72} 5080 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5080.4.768832469\689490678" -childID 4 -isForBrowser -prefsHandle 4000 -prefMapHandle 2312 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {7f4fb74a-df03-4ba7-ab0f-918414d62948} 5080 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5080.5.1199483740\150089451" -childID 5 -isForBrowser -prefsHandle 4156 -prefMapHandle 4160 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {7b3232bb-7bc8-4715-b162-c02cd779a98b} 5080 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5080.6.1781049939\214456798" -childID 6 -isForBrowser -prefsHandle 4344 -prefMapHandle 4348 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {0687df78-2f4c-48f2-965f-11da3d219f1c} 5080 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5080.7.1610324889\1014809583" -childID 7 -isForBrowser -prefsHandle 4632 -prefMapHandle 4636 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {a344f164-777c-4a34-bd34-128035f60d77} 5080 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5080.8.1955472794\1385563316" -parentBuildID 20240416150000 -prefsHandle 3904 -prefMapHandle 3860 -prefsLen 27675 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {ffb17819-c525-40e2-8e9c-eb81744988a8} 5080 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5080.9.581267629\77418981" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 4728 -prefMapHandle 3892 -prefsLen 27675 -prefMapSize 245849 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\browser" - {496b9dc0-be22-45f2-b248-514040abdbff} 5080 utility

Network

Country Destination Domain Proto
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 135.148.136.227:9001 tcp
PL 45.80.158.205:9100 tcp
US 8.8.8.8:53 227.136.148.135.in-addr.arpa udp
US 8.8.8.8:53 205.158.80.45.in-addr.arpa udp
N/A 127.0.0.1:52618 tcp
N/A 127.0.0.1:52620 tcp
N/A 127.0.0.1:52515 tcp
N/A 127.0.0.1:52515 tcp
N/A 127.0.0.1:52714 tcp
GB 80.66.135.123:9001 tcp
US 69.197.160.206:8272 tcp
US 8.8.8.8:53 206.160.197.69.in-addr.arpa udp
US 8.8.8.8:53 123.135.66.80.in-addr.arpa udp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:52722 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:52515 tcp
N/A 127.0.0.1:52515 tcp
N/A 127.0.0.1:52515 tcp
N/A 127.0.0.1:53132 tcp
N/A 127.0.0.1:53140 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:52515 tcp
N/A 127.0.0.1:52515 tcp
N/A 127.0.0.1:52515 tcp
N/A 127.0.0.1:53420 tcp
N/A 127.0.0.1:53428 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI21082\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI21082\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI21082\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI21082\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI21082\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI21082\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI21082\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI21082\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI21082\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI21082\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI21082\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI21082\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI21082\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI21082\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI21082\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI21082\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI21082\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI21082\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI21082\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI21082\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI21082\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI21082\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmp4rka6c_1\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI21082\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/3344-483-0x00007FFB03690000-0x00007FFB03691000-memory.dmp

memory/3344-482-0x00007FFB03530000-0x00007FFB03531000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1MFqIg\extensions.json

MD5 5fe729a884bf7e289973c77ae59fafa7
SHA1 2a88bc684b8e312ae6f8965723a104cde1d615e5
SHA256 d0dda92da57003870e3c2201c2cebd8627a3a8e3e7dc316ada96a0ae89c806f1
SHA512 1d5be1c7daa41e2cfc56a18f77072109b45b2a9537e53c13d349083ae9c25bcc870738ec7e304360e372d9f37c2c0bc4ca85eaf79043a7523a7574d6e576fb15

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 d262b8dc568b34fa0a37e37335db737a
SHA1 477338dfa2a841eaadcdeadb210ed0e9e419241f
SHA256 b11b2168de48ecb6a5daec15e1d8eebc52fa4597d174d3a55a930466f665b0ed
SHA512 ae2b0b4477d7d61c2ccbc948041e79407a140919da3dae63486e47b30ed9c041519bd3ce3cee62bc3c2ed780650abb8c54002c4197c6611af512f39da8e56f64

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 5c6284a65cc896062a102e17fba7494d
SHA1 ca8dfa9e7bfea59d0fc6c1465e46f6f41acce523
SHA256 0e61e4a7c3160a19e0997f21facf982d7599639605f99b82371972c47c8c159d
SHA512 a82798a3ef23be2b1c627173f181a8ae9aacd82a3d04a354cd690a03e4c58c35f207d15d24afede78f8aa96d176626ff244545c1b426f2f3564a942ffbb6adc0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1MFqIg\prefs-1.js

MD5 c2c6259964b1526098b11469b5a6e62b
SHA1 e8ee53d647a8258edbc43a67a455cc21e4eb9e18
SHA256 0fc5ec1ab65e762e07d40aadfee82b19d05d98204dd70cc3cb119f1157577651
SHA512 074e02b23107b725fd19d7483aff6850ecbb6a3cb5330297c99cfc1d11e04be170e1679313a8575fb592bbb5bf4bb9ee78015bd82189f4c3dfb4b4747742b2b8

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1MFqIg\prefs-1.js

MD5 bddfc5d74b74850057ce81a2ad749079
SHA1 7a779acef69abd0844397206532432999508cc28
SHA256 163c251ea1ad33b5c2f8eb82e9ceb41fe6405019a8ee34dcebf1c81b2906ebac
SHA512 7453ac2ea3fd8b7d5e01191e70cbb9b502f61607fc072cf04219ed10c6680c326b30d7f49bef308b5c563dfca14c7f5eea957cbabd1b8ce124a704db4c11bbeb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilev94Kef\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilev94Kef\prefs-1.js

MD5 7477ffdbcf65d1bb112e0025c4eee2ce
SHA1 0db7abff8ff83521267b682fd26efbd0aaf4b220
SHA256 17ace10b1895598869457f24ab5e4a929c08f8bcb25f5c267f4bc451736c0d89
SHA512 79db788bfee8b35e9e15899a348b92729e54d4eac6440d6a843576b974136f3dae69caacbbfa43fb32411c2e14ac06a00ec63616e8fd428a832bccc1a05e103d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilev94Kef\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/4420-900-0x000001DD9EAA0000-0x000001DD9EAB0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilev94Kef\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilev94Kef\prefs.js

MD5 7924303a9c968c58db842596ec8137a8
SHA1 cf2de3d031bda3cb3039d919776ec3efa971e8d8
SHA256 d8b97ffec6c07d78f5a526b533eda24426d500219c8b185d8d80f2c95d8a8cbb
SHA512 a5732d011f1a52ce4f50105d0be744e6f60533ba13d56be30209877a2f06062e761eb8825b372912722bf681d202e13284fc3ad94220315416cde5c6df027bfc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilev94Kef\prefs-1.js

MD5 b5a9518eb6559c22eeeeabc0814cd003
SHA1 4be77557dc437178b03f3e9ed39e4a6bb047c0b6
SHA256 f4bf782879cf0e30e80d5505f83f35cfe59b88157c5b5404bb83bf247a7c482e
SHA512 f22cb53b6a5c96a3ed0fa4f21fb485d1ed7565c0281c66742274217e0e75cedcc9364cd78bf23055603bad36fd10e76fb6d0382ffaba6344a8ed898cab7e0ecf

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilev94Kef\startupCache\webext.sc.lz4

MD5 1b799cc5b6cf681cfa54d37c8ce8cb06
SHA1 2f0fae44eb2fe74542df923e37f0c7e23a74fd17
SHA256 ce654b3257aec215ee980682aa6a48628dac50252a09301efe8686ff3f406a03
SHA512 10263e878623c9375095f150a83e5fe42fb5feccea139e107d37b2337f0c68c4f8a47952247d7e8517876a12dcd696202b8ecdf115577c0e416a489a280451d3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilev94Kef\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilev94Kef\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilev94Kef\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilev94Kef\sessionCheckpoints.json

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilev94Kef\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileL7d6Wu\user.js

MD5 e1488851d45b48562884ff3ecf8d6f32
SHA1 5e0002459391223852619473b3758e528fb2198b
SHA256 57d98bf4fd8f225db595a9c9b3f930a1724ea24ad00c876e63b940575797251d
SHA512 7f2912f660760ef2858f1fb9723b0452f49c7e16e03f48d56e60d77657eb78091ab91c5f6200fe2bebbe689e1f404589ca732c4796f9512faf75cbc2f8982034

memory/5080-1183-0x000001AF32320000-0x000001AF32330000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileL7d6Wu\datareporting\glean\db\data.safe.tmp

MD5 7fba44cb533472c1e260d1f28892d86b
SHA1 727dce051fc511e000053952d568f77b538107bb
SHA256 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf
SHA512 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileL7d6Wu\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileL7d6Wu\prefs-1.js

MD5 5fd9c3be7b396bf407b4a93bce9bdd8c
SHA1 23eca2699481653d91fafffde336af727c64b9e7
SHA256 479ece5ea2c923cb8b8d549bcd5303ad4b98c673461f845772cb66293efdefc2
SHA512 76de039d96da2515a3de3fb7ed97e16909e23eae63da4086a35de2e9e9d015cf50140f80f8797fd464b715b8d8cf1f4b3f37ca198eb578898473d38a442bb2a6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileL7d6Wu\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileL7d6Wu\prefs-1.js

MD5 4d5ffbb0264731b7484b4e51d0eaffbd
SHA1 3d8d078825a2fd804e3a368e0b6567796e4ad835
SHA256 2850e4b0dd067b83ab8f8534c997212f0ce2a000ca4f24ba7c11112be41c647b
SHA512 6e0cf5159e71cd63e56cdefc4a6ca9e116198833951a7b326e9d7bd12d0fcb7a2b3fc5694d4f91b02c268b30ec31c32deaa98b42ba92e93e10706d0e86a25fc7

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-09 01:10

Reported

2024-05-09 01:22

Platform

win11-20240508-en

Max time kernel

300s

Max time network

313s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1948 wrote to memory of 5008 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 1948 wrote to memory of 5008 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 5008 wrote to memory of 3496 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 5008 wrote to memory of 3496 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 5008 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 5008 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 3496 wrote to memory of 2576 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3496 wrote to memory of 2576 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 5008 wrote to memory of 3168 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe
PID 5008 wrote to memory of 3168 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe
PID 3168 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 3168 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 4592 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 4592 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 4592 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 4592 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 4592 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 4592 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 4592 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 4592 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 4592 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 4592 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 4592 wrote to memory of 2068 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 2068 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyectoL

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyectoL

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2068.0.1950585057\943939253" -parentBuildID 20240416150000 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {ec3ec27c-0a22-4be9-80d0-952423e0215f} 2068 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2068.1.352039935\195706870" -childID 1 -isForBrowser -prefsHandle 2496 -prefMapHandle 2672 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {db165e41-a06c-4686-9084-6937544187c5} 2068 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2068.2.1054239067\408627598" -childID 2 -isForBrowser -prefsHandle 3092 -prefMapHandle 3088 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {b580ba6f-7071-471f-8409-c137c6bb97f2} 2068 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2068.3.525172000\1927727717" -childID 3 -isForBrowser -prefsHandle 2640 -prefMapHandle 3344 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {da025356-20ff-4d83-8dd7-7fa8285d341a} 2068 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2068.4.1380675593\1160735847" -childID 4 -isForBrowser -prefsHandle 3704 -prefMapHandle 3700 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {520c6b07-c3f8-48c7-b528-ef5aa70bbdca} 2068 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2068.5.525075152\2126118217" -childID 5 -isForBrowser -prefsHandle 3888 -prefMapHandle 3884 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {0580e35a-b5e0-481a-95ed-53e2c864cc4f} 2068 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2068.6.583217543\388771287" -childID 6 -isForBrowser -prefsHandle 4036 -prefMapHandle 4040 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {74cc2acd-2a41-4218-8eb3-1a58b151c8de} 2068 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2068.7.521689224\2063645991" -childID 7 -isForBrowser -prefsHandle 4324 -prefMapHandle 3428 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {d9fd7034-381f-4896-86df-e518f1744373} 2068 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekEIgBw

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekEIgBw

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2456.0.1143238111\861890953" -parentBuildID 20240416150000 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {9a31ea0d-52d0-449a-842a-99c8189b3cd5} 2456 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2456.1.847252298\1823695355" -childID 1 -isForBrowser -prefsHandle 2704 -prefMapHandle 2464 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {d4f4c5ed-c4ff-4c9b-a75a-6b5efff89114} 2456 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2456.2.478124814\1672488001" -childID 2 -isForBrowser -prefsHandle 3056 -prefMapHandle 3048 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {6c97866b-e88f-4eea-853d-083e9d253fdc} 2456 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2456.3.1443415446\871947115" -childID 3 -isForBrowser -prefsHandle 3536 -prefMapHandle 3540 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {32764e9a-2b6c-4ea0-82cd-66e7c37f20c6} 2456 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2456.4.1891063737\1046954357" -childID 4 -isForBrowser -prefsHandle 3164 -prefMapHandle 3672 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {ebf9ea4e-9a80-4603-8878-99ebafeab2ba} 2456 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2456.5.829428470\2076284551" -childID 5 -isForBrowser -prefsHandle 3740 -prefMapHandle 3744 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {cac9c319-01a0-471c-99f8-678df9ecc989} 2456 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2456.6.2095735258\668050196" -childID 6 -isForBrowser -prefsHandle 4044 -prefMapHandle 4040 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {ec9e47f4-7339-4c6b-956f-1591c147a737} 2456 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2456.7.1811811477\1152626231" -childID 7 -isForBrowser -prefsHandle 3992 -prefMapHandle 3988 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {6d3378bd-e84e-4f2a-ba6c-3a9ca9cc42c5} 2456 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelupVOn

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelupVOn

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="436.0.84300775\666999431" -parentBuildID 20240416150000 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {7a7b9129-7a0c-4c2a-af1e-bdc0d94a38b7} 436 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="436.1.1046347417\321686369" -childID 1 -isForBrowser -prefsHandle 2288 -prefMapHandle 2416 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {3a74f0fb-bc3a-4712-a47d-e04f5aaffef2} 436 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="436.2.1796520790\703370467" -childID 2 -isForBrowser -prefsHandle 3084 -prefMapHandle 3080 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {4a95afb4-9285-4974-aad3-5ed77b85220e} 436 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="436.3.1640577630\1654875828" -childID 3 -isForBrowser -prefsHandle 3780 -prefMapHandle 3784 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {1c5d05cd-9b15-4457-943d-2da46ffa53a9} 436 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="436.4.964287669\430744953" -childID 4 -isForBrowser -prefsHandle 3904 -prefMapHandle 3896 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {f1cf2503-982e-45be-935e-19b388fb0c39} 436 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="436.5.77510872\1769590827" -childID 5 -isForBrowser -prefsHandle 3448 -prefMapHandle 3456 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {665172f0-6b70-4cd2-8925-3ba6c4830836} 436 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="436.6.1509340785\64601538" -childID 6 -isForBrowser -prefsHandle 1556 -prefMapHandle 1552 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {103c4db1-31b5-499a-81f5-0ecb63167f63} 436 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLbJ8l1

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLbJ8l1

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2052.0.2119404445\409624175" -parentBuildID 20240416150000 -prefsHandle 1704 -prefMapHandle 1696 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {377a1f0e-cff7-43db-b7d9-42ef44ef85bf} 2052 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2052.1.1691504845\684852777" -childID 1 -isForBrowser -prefsHandle 2500 -prefMapHandle 2448 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {20cafec1-bd29-43ce-8490-c45292b2141a} 2052 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2052.2.552448101\2011109970" -childID 2 -isForBrowser -prefsHandle 3088 -prefMapHandle 3084 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {91cd6add-ccff-4abe-ab53-a865a27cb1a9} 2052 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2052.3.283580176\313712452" -childID 3 -isForBrowser -prefsHandle 3104 -prefMapHandle 3140 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {20a42ba5-9bff-4a8f-a66d-acde5ddcc8e9} 2052 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2052.4.537516137\2007305317" -childID 4 -isForBrowser -prefsHandle 3644 -prefMapHandle 3640 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {4991c906-647a-4f74-9869-e9098a84119f} 2052 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2052.5.1221153097\115208875" -childID 5 -isForBrowser -prefsHandle 3868 -prefMapHandle 3864 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {701db75a-049a-46e8-a487-3e1542d3e2ee} 2052 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2052.6.1688500058\1634512914" -childID 6 -isForBrowser -prefsHandle 4016 -prefMapHandle 4020 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {e88c08a5-780b-4e52-b834-a3747eede6d2} 2052 tab

Network

Country Destination Domain Proto
FI 65.109.67.140:443 tcp
N/A 127.0.0.1:50109 tcp
N/A 127.0.0.1:50111 tcp
TR 5.252.74.238:443 tcp
AT 89.58.61.42:9001 tcp
US 8.8.8.8:53 238.74.252.5.in-addr.arpa udp
N/A 127.0.0.1:50006 tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50206 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50214 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
DE 62.67.28.50:9001 tcp
NL 46.249.37.109:443 tcp
N/A 127.0.0.1:9151 tcp
NL 46.249.37.109:443 tcp
FR 94.23.76.52:443 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50585 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50593 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50922 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50930 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:51250 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51258 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI19482\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI19482\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI19482\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI19482\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI19482\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI19482\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI19482\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI19482\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI19482\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI19482\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI19482\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI19482\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI19482\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI19482\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI19482\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI19482\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI19482\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI19482\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI19482\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI19482\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI19482\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmpb72imxdb\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/1868-484-0x00007FFD6BF20000-0x00007FFD6BF21000-memory.dmp

memory/1868-485-0x00007FFD6B0D0000-0x00007FFD6B0D1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyectoL\extensions.json

MD5 1ab4039783cc5eae48d6869e55c29454
SHA1 d24dfa5bd143cf5150acc7e1d0128403c85bda34
SHA256 43b401f3edb7d6bacb34cac07ea475afcd4a252309fb5a8ab9be55bca3e07067
SHA512 a6c39de2f1f83c0f342610f971287b5a2a00299c6cd048526118f49c41ca5a2b1a2c866b96db97ca89e91d282451fc6e9ff67dc50bffeb26a1f0c8887c5e9a38

memory/2068-533-0x0000029C760E0000-0x0000029C760F0000-memory.dmp

memory/2068-581-0x0000029C71AE0000-0x0000029C71C50000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyectoL\prefs-1.js

MD5 5bfc3a87d44a8d921c5decfc94c62f63
SHA1 faf725eaac1fb17d61285da76b6c554aeffae5a3
SHA256 b9214fab648f5e4802300558c501a782179accd067cbfe56aa90966ee5a9c409
SHA512 f0fa135357b14c9b87b1972d7cd252cf8e78586935507eeea470e6bdfe551d3b4f7d2ceaf34469bf8b53002c8987294aec22beadf067e68f2a2ea88b8ca824b8

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyectoL\prefs-1.js

MD5 a0c2c48b2caad3fe392fd6d9ec99df86
SHA1 35e717b4e24426afd5badfed19f11f699d2cb87b
SHA256 194013af7715684759e463c77f1c5cf5886c6f311bf349fb572a05b31300234a
SHA512 fd583d763559198f5c7711fa1f82170374a83ba811de943fb91b92953dd25ffa2fb2d2845bbdeecbd3e97f6eb58dcf64ed70250f6fb900b171fbf49c46e91622

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 44aac6dcebe93edd3d7291268f058172
SHA1 a8996b4bd433090d535ab78422504f021f5546da
SHA256 a7a5696bec429abd0ee81de1c149fe392ea6beeb5f6d15682b64d2094f8f4f7c
SHA512 1ab400b6b9bf85e5bad3442484ccf1a862bbf7ddd9f2c11db6cad357c1ccbd7c5461e0255a6a43fc023df73ec7b70339c8cd8acc7c5f00f32b6ba0d70b7c4eb0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekEIgBw\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekEIgBw\prefs-1.js

MD5 fb8490de8e3ae9f0a58cb88c8a6ec90c
SHA1 e033f962f1522b706a9ddc2fa19138517a04030a
SHA256 f2692df036f3c38462d2036263c94221748dcf4fde113f3d7e98641dbe7ae120
SHA512 bef264e9bf59407daa67f6bb4fa73c888855af562f670110f87dc23d49d76c153f8b8d3ebd21c81dca94892f364677bf1a9fb734fa865d3d5dc41ac26bd8b0cf

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekEIgBw\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekEIgBw\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekEIgBw\startupCache\webext.sc.lz4

MD5 156b646d25d6685f5ebf46a1442a1fd0
SHA1 ab7a2a4098e5120c70f82f023616aa539ea6d765
SHA256 775cd9f32782cd06347d8a18142eaf7df9a892ae041ee5967f3d26effc61960b
SHA512 c061a859c013de32730827f58bd289c88df10ef5c5b3dd18ca42bd12e0ba4945615b563a4a80cdc1761089cc1055b61e94c496c2d9f3bd84d8b0ec2d6ef01ceb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekEIgBw\prefs-1.js

MD5 05b0f189f9498c8a569a8a12b0870f45
SHA1 5e300e2887630716ad32c7486f0834e01a7f2f06
SHA256 fd4dbf0707ab5414ae95db314849d3bafc31c2be5b6d1e473ba2aff71e2bb3ac
SHA512 e46c33c5d4453a19f4165f0d2cab81d76381a9eea96c839cb3b5cc46e7eb8bad4b1e1cc8a2be6d0b29f4ed5559b62a5766e3ec6b521e6355008a29f4dae86a9d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekEIgBw\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekEIgBw\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekEIgBw\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekEIgBw\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekEIgBw\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelupVOn\user.js

MD5 42fc266fafb8893b21601da2550d24ee
SHA1 fbdc8c187d0a84aaff8ee97f555fe7463f5a7221
SHA256 64f34d3623854f736b180910e9537657b73fd7e817497f0e481b7be237533da9
SHA512 1baa054eeae6a783d88d7e77da1c97a605745aa2a95995af7b78ea6e214f250adf9e22d6925e1002dd6ba5bd6afe24efbf70dc0ea1f5de4e508fbc08b093ccd7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelupVOn\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelupVOn\prefs.js

MD5 c7debaedd0e8a0f86c9095027a2bc636
SHA1 037bb60573043f2c591e06595b758dd516e14322
SHA256 313da701308545f64ad46f12ac0571f0947cf9f501b6c0a311eb9052f2c69307
SHA512 99c434810521e541a2f88883354e3e5995905d4a75bde2eff578a8e44b5c66f3e729b60fec66ddd0ae016f4685a4034b7d135ca26f0186e33eece0d6337f0961

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelupVOn\prefs-1.js

MD5 6185280dcaa3736983af680d6001f71f
SHA1 355e2998303db54638f27d2ca80e562bdd6328a5
SHA256 90d8e7507df1f3d5c2a78afaf00616de546b4f88e91335fb84bfb9707911c240
SHA512 7c9f3ddf6834c9a33d35d1914734d6d4f2e2a1c5c671934b3de5a915e37ccd2d5af79f608751221f49732ea275b984c2be1aac6df192e60bf13593f1d758de87

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelupVOn\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

memory/2052-1407-0x0000026AD4FE0000-0x0000026AD4FF0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLbJ8l1\datareporting\glean\db\data.safe.tmp

MD5 7fba44cb533472c1e260d1f28892d86b
SHA1 727dce051fc511e000053952d568f77b538107bb
SHA256 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf
SHA512 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 01:10

Reported

2024-05-09 01:24

Platform

win10v2004-20240226-en

Max time kernel

331s

Max time network

373s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5376 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3972 wrote to memory of 5028 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 3972 wrote to memory of 5028 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 5028 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 5028 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 5028 wrote to memory of 3620 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 5028 wrote to memory of 3620 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1948 wrote to memory of 3896 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1948 wrote to memory of 3896 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 5028 wrote to memory of 3436 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\geckodriver.exe
PID 5028 wrote to memory of 3436 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\geckodriver.exe
PID 3436 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3436 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 2824 wrote to memory of 3732 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 2824 wrote to memory of 3732 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 2824 wrote to memory of 3732 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 2824 wrote to memory of 3732 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 2824 wrote to memory of 3732 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 2824 wrote to memory of 3732 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 2824 wrote to memory of 3732 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 2824 wrote to memory of 3732 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 2824 wrote to memory of 3732 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 2824 wrote to memory of 3732 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 2824 wrote to memory of 3732 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe
PID 3732 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5376 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI39722\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39722\geckodriver.exe --port 50115 --websocket-port 50116

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50116 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehPpqBp

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50116 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehPpqBp

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3732.0.2074317415\1944310411" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {f68db943-e070-4335-98d7-e2d597a8fcbb} 3732 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3732.1.115184433\1714580932" -childID 1 -isForBrowser -prefsHandle 2676 -prefMapHandle 2672 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {51f9edfe-c362-4063-a1ac-3411b54387a6} 3732 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3732.2.920039152\751970237" -childID 2 -isForBrowser -prefsHandle 3184 -prefMapHandle 1576 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {0e6f6571-1a80-48f5-9c1f-ef79989f301c} 3732 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3732.3.1806810069\209490383" -childID 3 -isForBrowser -prefsHandle 3804 -prefMapHandle 3832 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {2f41f9a2-7213-46cf-aa48-a8e75eee9370} 3732 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3732.4.1143120161\750082827" -childID 4 -isForBrowser -prefsHandle 4076 -prefMapHandle 4088 -prefsLen 25238 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {cf7242c2-f176-4374-a8c9-da562e83ec1d} 3732 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3732.5.981638499\1570006132" -childID 5 -isForBrowser -prefsHandle 4292 -prefMapHandle 4296 -prefsLen 25238 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {c95f44f1-957c-4d0b-ac47-859b0546b068} 3732 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3732.6.404016618\446170922" -childID 6 -isForBrowser -prefsHandle 4556 -prefMapHandle 4552 -prefsLen 25238 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {02158e43-9309-46ab-b666-8ffdeb76a353} 3732 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3732.7.786892454\1699119136" -childID 7 -isForBrowser -prefsHandle 4500 -prefMapHandle 4344 -prefsLen 25287 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {ad18d88a-66d5-41a0-a8cd-b4517a1e672d} 3732 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39722\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39722\geckodriver.exe --port 50115 --websocket-port 50116

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50116 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9QTeDj

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50116 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9QTeDj

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="5712.0.1695510627\564273248" -parentBuildID 20240416150000 -prefsHandle 1664 -prefMapHandle 1644 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {12c63af4-69b3-4e6b-842c-421c000c1824} 5712 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="5712.1.265591782\1904853604" -childID 1 -isForBrowser -prefsHandle 2636 -prefMapHandle 2632 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {a4270875-825f-4ac4-8f52-6c1340b3bfe4} 5712 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="5712.2.1474349398\1513847524" -childID 2 -isForBrowser -prefsHandle 3232 -prefMapHandle 3228 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {9efe3da2-2d70-4ff4-b0a0-a261a2ea985c} 5712 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="5712.3.110103711\2108717241" -childID 3 -isForBrowser -prefsHandle 3636 -prefMapHandle 3640 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {b38c7699-cbdd-4e20-a172-53dc428c28a9} 5712 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="5712.4.1211854981\1339467388" -childID 4 -isForBrowser -prefsHandle 3776 -prefMapHandle 3780 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {894c83dd-1b91-42bb-af97-69ba05acc44b} 5712 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="5712.5.1793741319\997833594" -childID 5 -isForBrowser -prefsHandle 2400 -prefMapHandle 3348 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {12b88a8c-f8d2-45c1-a01d-b70de4af9f84} 5712 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="5712.6.721059154\1850514232" -childID 6 -isForBrowser -prefsHandle 4088 -prefMapHandle 4084 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {82571bfa-7dd7-4aa7-9762-7c2bcffac3e7} 5712 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="5712.7.186690110\1366143852" -childID 7 -isForBrowser -prefsHandle 4504 -prefMapHandle 4508 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {0401d2d6-3582-4983-bdf1-93f6324b9aba} 5712 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39722\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39722\geckodriver.exe --port 50115 --websocket-port 50116

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50116 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefWEt80

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50116 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefWEt80

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="5588.0.892068778\792986358" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1644 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {466eaa3a-8cd8-4e77-bf01-9a0d9f5ab090} 5588 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="5588.1.792309481\867402899" -childID 1 -isForBrowser -prefsHandle 2660 -prefMapHandle 2656 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {26003073-7dd3-4d7c-a96b-daf2d66ea9e8} 5588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="5588.2.1194660263\788094395" -childID 2 -isForBrowser -prefsHandle 3196 -prefMapHandle 3188 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {c8ebfa71-3c3c-4ec2-98db-50820a406f48} 5588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="5588.3.394669495\1081126875" -childID 3 -isForBrowser -prefsHandle 3228 -prefMapHandle 3696 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {989fceec-40cd-4112-ac42-15e1db87f632} 5588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="5588.4.2060403727\1796701541" -childID 4 -isForBrowser -prefsHandle 3972 -prefMapHandle 3968 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {d2cc7d72-4172-4ce2-a67f-40e082a1b7c7} 5588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39722\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39722\geckodriver.exe --port 50115 --websocket-port 50116

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50116 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefDIiWt

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50116 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefDIiWt

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4164.0.590098663\1869462770" -parentBuildID 20240416150000 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {764f1cfa-27d2-4127-a0ba-48c36a18b7b3} 4164 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4164.1.1071855218\203945061" -childID 1 -isForBrowser -prefsHandle 2644 -prefMapHandle 2640 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {cc6a0abe-032c-452b-b185-85e80629b285} 4164 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4164.2.503904471\690577015" -childID 2 -isForBrowser -prefsHandle 3172 -prefMapHandle 3168 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {94b04f76-a1f1-4590-b8a3-cbc9233ebbbe} 4164 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4164.3.842793018\947477094" -childID 3 -isForBrowser -prefsHandle 3728 -prefMapHandle 3724 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {b47cb6b5-ca8e-404b-871c-6bbb42ab0da2} 4164 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4164.4.203599275\1756114631" -childID 4 -isForBrowser -prefsHandle 3312 -prefMapHandle 3788 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {b99c3932-8d17-427d-a9a1-2d3ea2b95095} 4164 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4164.5.1740509203\881959333" -childID 5 -isForBrowser -prefsHandle 3240 -prefMapHandle 3284 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {24af42b6-941e-4b0f-9d6e-5b9628ed956e} 4164 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4164.6.1134722846\1496268688" -childID 6 -isForBrowser -prefsHandle 3392 -prefMapHandle 3396 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {89949263-66c3-42a1-8420-5d87233346e5} 4164 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4164.7.352376828\420525159" -childID 7 -isForBrowser -prefsHandle 4608 -prefMapHandle 4604 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\browser" - {264c38bc-6b05-4fdb-8a1a-683f06440a3c} 4164 tab

Network

Country Destination Domain Proto
US 20.231.121.79:80 tcp
US 13.107.246.64:443 tcp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
SE 77.91.85.147:443 tcp
US 8.8.8.8:53 147.85.91.77.in-addr.arpa udp
SE 193.189.100.195:443 tcp
US 8.8.8.8:53 195.100.189.193.in-addr.arpa udp
US 108.181.57.253:9001 tcp
DE 213.133.103.134:6969 tcp
US 8.8.8.8:53 134.103.133.213.in-addr.arpa udp
US 8.8.8.8:53 253.57.181.108.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 88.65.42.20.in-addr.arpa udp
N/A 127.0.0.1:50210 tcp
N/A 127.0.0.1:50214 tcp
N/A 127.0.0.1:50115 tcp
N/A 127.0.0.1:50115 tcp
N/A 127.0.0.1:50336 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50344 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 43.242.123.52.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50115 tcp
N/A 127.0.0.1:50115 tcp
N/A 127.0.0.1:50115 tcp
N/A 127.0.0.1:50774 tcp
N/A 127.0.0.1:50782 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.187.234:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50115 tcp
N/A 127.0.0.1:50115 tcp
N/A 127.0.0.1:50115 tcp
N/A 127.0.0.1:51172 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51180 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50115 tcp
N/A 127.0.0.1:50115 tcp
N/A 127.0.0.1:50115 tcp
N/A 127.0.0.1:51479 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51487 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI39722\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI39722\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI39722\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI39722\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI39722\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI39722\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI39722\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI39722\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI39722\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI39722\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI39722\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI39722\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI39722\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI39722\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI39722\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI39722\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI39722\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI39722\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI39722\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI39722\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI39722\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI39722\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmpi5ye2k0q\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\_MEI39722\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/2516-493-0x00007FFC0E430000-0x00007FFC0E431000-memory.dmp

memory/2516-492-0x00007FFC0D930000-0x00007FFC0D931000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehPpqBp\prefs-1.js

MD5 82f2dfd65a5ac5baba92e00c125fedd9
SHA1 dba31376ccd33c0ce8ed9205d816506859f9218f
SHA256 cfd521bbf38f83ae24e80b55659352e77ebd24200f059b8fea63212f54081379
SHA512 5f1e980921029d51bbea325109a8151b3f03245aad9efe3e0abd8d3952e95ff809db2de80fea73e5f43384307649c3b6b7fe22fe8ca723b037c3f3f27f972a0c

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 7b7e0c92e463c36bc61151de49c808cd
SHA1 802ac00c83919bc0c4a49aa56d2d652b82ac167e
SHA256 7a66740cbd0d9384a5d142ad97286448b8c53b776b26592e26a6d37fe5951a82
SHA512 b36c4d18c944c8715566aa1b412b5e36d7432830bd84dc0d815d95db400c3be5eec5e3a723e92e7b1765246ec4177b86e018fcc9da21ff1f7176907208b3d430

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehPpqBp\addonStartup.json.lz4

MD5 ec75ec07faf5c17959f3a762865f88b2
SHA1 281e3a1382a39c2a0fe50215aec04d5da70ae1f3
SHA256 4be9cae25148b95f4987baa9184ba536df8807df02e53bac00828ee006b2a118
SHA512 1576dca552f0752aad97ca6190583dec1e2a21437470a232227fc080a0fd5cea21d56fea0722abfeba9902a701ef165b82e2716d63ec4451354e9a98e74df783

memory/4748-551-0x0000024C04D20000-0x0000024C04D8B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehPpqBp\extensions.json

MD5 1d91dffb77721ac3ba50d27aa5b5047c
SHA1 87a36b3af8ba8092986602fea45a72fca2352b78
SHA256 8192fd8bb98a1fff63a7b8518f9829e763b9233e60e4311f690768ca93d7dd9e
SHA512 88a1b221d213e6f89761bc5de35d211e41ff2139a3fa27742792096738952b0b3af5a0d3beba8ac20ef1ffecee9ed1f9a25577a9c170ac6efabdd45eec17da1a

memory/3732-586-0x000001FDD0970000-0x000001FDD0980000-memory.dmp

memory/4748-571-0x0000024C05100000-0x0000024C051CD000-memory.dmp

memory/2516-635-0x0000022467A00000-0x0000022467A6B000-memory.dmp

memory/2516-636-0x0000022467A70000-0x0000022467B3D000-memory.dmp

memory/4156-647-0x000001E740A00000-0x000001E740ACD000-memory.dmp

memory/4156-646-0x000001E740420000-0x000001E74048B000-memory.dmp

memory/2272-653-0x0000021293EE0000-0x0000021293FAD000-memory.dmp

memory/3620-655-0x0000027E99070000-0x0000027E9913D000-memory.dmp

memory/1084-657-0x000001DF0B810000-0x000001DF0B8DD000-memory.dmp

memory/1084-656-0x000001DF0B740000-0x000001DF0B7AB000-memory.dmp

memory/3620-654-0x0000027E98FB0000-0x0000027E9901B000-memory.dmp

memory/2272-652-0x0000021293E20000-0x0000021293E8B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehPpqBp\prefs-1.js

MD5 558f2b4c006f9eea79cdda6fa9ae4870
SHA1 82ce884a6f7f5586bf9f0f4bb71b84591836f4a6
SHA256 089ccb052d74955d14ff3513d0f1e82d46d0c14df7e15244bfe7d89c5ac0946e
SHA512 536533b4144275ef11443b5f149a62a1b22582ca0d3de8fc7d2120d56d84968bc31ddbf62722f59c205defd1461ca5f588125bf64b90bdbcd74dddd21c7f51e3

memory/5264-708-0x000001DDAF900000-0x000001DDAF96B000-memory.dmp

memory/5264-709-0x000001DDAF970000-0x000001DDAFA3D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehPpqBp\prefs.js

MD5 7b06d032ebc1ea888f26bde49824201c
SHA1 0bbf3c18ed30236d61bfe0d6553ff4513775ba19
SHA256 0dbbc2119e80cace8ac6da3c61fe85f3024f67418a7df89e18a59957a5bd0ea7
SHA512 8a216a1e9e29413189921d88521b74fa977ef999f319ef0d96c6005a8560b50005e693d5c97a307faa1e8a8cfe847167cdde0425db22262a54a1f178819887d2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9QTeDj\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9QTeDj\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9QTeDj\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9QTeDj\startupCache\webext.sc.lz4

MD5 1b799cc5b6cf681cfa54d37c8ce8cb06
SHA1 2f0fae44eb2fe74542df923e37f0c7e23a74fd17
SHA256 ce654b3257aec215ee980682aa6a48628dac50252a09301efe8686ff3f406a03
SHA512 10263e878623c9375095f150a83e5fe42fb5feccea139e107d37b2337f0c68c4f8a47952247d7e8517876a12dcd696202b8ecdf115577c0e416a489a280451d3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9QTeDj\prefs.js

MD5 37f989a2d0c2dba824fc4d2cf982bd2d
SHA1 15e386e2dcdcaf1b9bae98d67c77d4024e56d244
SHA256 d871d66fccd6d84b6864773a14341cac4f13bed4651b132e655d5717fa42c2af
SHA512 5efe4389261190507214044f1166bdb4a6075264d0a68292a0a965024e3d652e1e485a278a9f985c29e5e9e1d5a04cf297bccd00b9262303b0040695f8974fba

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9QTeDj\prefs-1.js

MD5 5d9231ce72862793ecd700b0d8d55b17
SHA1 cd0ffbaed9344f8dc36f1940d19c7cfa6477ecc6
SHA256 874ba48c975b71b0e65faf733ab9d60fd585b26c16b541af39c78d4def07bfcf
SHA512 c7a7359f3cc8fc42823dcc6dadd89549425c1718dd59fde6825f45b59d911fe03c7869b84774eb000046af0c353d1772380b0607edece27ef9fb64dc1488f09e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9QTeDj\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9QTeDj\prefs-1.js

MD5 b92b41c502664e54a79480927d9dece8
SHA1 18456addafcff8d74d70ebe787035a96ac2e4450
SHA256 e7ac01e8497133e0b93418a8e5820a6749783b61ebccad5535e20c845ecc797c
SHA512 ec55525296cfe9c042fb1cf0149084601ba27f6cdc9fe4f0ec5bdb3bac28ed6ca52adac39b3df8b6254c5d54f2626914c427f3136014e89f87bb098336047ac1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9QTeDj\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9QTeDj\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9QTeDj\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9QTeDj\sessionCheckpoints.json

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9QTeDj\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9QTeDj\prefs-1.js

MD5 d33283dca84d6693b02aa900e90cd2a8
SHA1 f81f7432207c72b24d9cd42c6f32736fe32503bf
SHA256 942fb6c57c4340c7f8e3d6841e1edf40ca909c61e5cb20e908dd55810887a729
SHA512 01aaf2dc2a3caeda629be6fcf8c72dceb2441945e9df716b701934fe4ac21b2aae5f6a5290053b72ec767aa7e901c7cbb012f3ea3091561838f142378a43cfcb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefWEt80\prefs-1.js

MD5 bca3a3cf8d77862ef08d5cfbdf28abc4
SHA1 682183244217eafc754f56276cbd4bcd08e8c7f0
SHA256 f08e6ffe9656c3a012968a1c6abb688d2a74537fcf80e64e4dec58e42c04d3a8
SHA512 ebfdc74810ed4dff75f371159ff2b710054beca2e8b2ad6b25b1ee1526ad172de0c95bac35a62cbc8801a9de15fe50bd3eac49d4f65994c14edf290e89f061b5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefWEt80\prefs.js

MD5 7306b7d40b59eaf3a28120925d98ef86
SHA1 428a09fd41abfd2a2afcf17d65354f7965a5c17b
SHA256 6460e71ce14bf3702c0dd863323e0f0a7cfd5a1e44a69e3a25bcf688b23ce915
SHA512 b02f624c756938f231fd9d5a4be05cf3cf4810586f3a33e18e1659ffee9422b57b7880a3e7fd3ba1de49888de2a9b4a8d5ba523240fa5d8284b6d75155e08679

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefWEt80\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefDIiWt\user.js

MD5 895f7ad67cb80994620f391123c11c44
SHA1 ed68969875aebc041641f993a1d9d02b40f117e2
SHA256 c93f3fc5a9a5535742d32a04e66791d6d8983c9e936c0c3164f0217b13aa6ca4
SHA512 4dccc863fbe36e1d45fee0904e06ce3b48e77c5652436a0d4a658370dee89ab0c48541526ef05e14920ee96e365a95f78b3ce598c433f103ce65af6efd186c91

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefDIiWt\prefs-1.js

MD5 d43c467345b14927c2f6c0db665157ce
SHA1 492fa33cb783b01eef7595d2f04c3dbbf08c8fc9
SHA256 9ae71da40e7b95a67ff2c9a2d1b929974150783764d1bcb8ee65409fb80b89ff
SHA512 0ab2a729506282c63e533d1f6da43190a2c33b44efa3dccb03d74d5dfde8094b4cb6565663f9e580fb227c4eb98dcce9c24cbaa18f7aa1c27cbf689b7f9ac7b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefDIiWt\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefDIiWt\prefs.js

MD5 5e3037f590d738ff41253653065e58f4
SHA1 ebc9388e7845d68966f64195f234982f5d171f13
SHA256 c14b00396649b72308230a9761083165302fb8679e4083dc41f476bef9592d1f
SHA512 18b1253a60a68973cb790553c875a2c376f5c603f7abbf292ab0e9e9f050ff741da6e479f92a5e31d2827ef80096af0bf10419017e78e8fe22e2b57d0659d615

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefDIiWt\prefs-1.js

MD5 fb87dcc761c268f2dd14d7ffa61e3175
SHA1 4b3fd3eeb75821f89f7986a6ce551081921a241c
SHA256 a10b294d002c6872eef0b00faaaf3c9847dfb72f490a85b5e7e46252d023338b
SHA512 a3eb95de060eb8695aa5f953632056af8b63115127cf5c26957df6382bfd62e0f125699130ca389193c6125287179b6a1c829607ff999962e06e3605b71bc463

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefDIiWt\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 01:10

Reported

2024-05-09 01:22

Platform

win10-20240404-en

Max time kernel

301s

Max time network

315s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4424 wrote to memory of 1008 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 4424 wrote to memory of 1008 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 1008 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1008 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1008 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1008 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1876 wrote to memory of 5020 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1876 wrote to memory of 5020 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1008 wrote to memory of 4264 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\geckodriver.exe
PID 1008 wrote to memory of 4264 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\geckodriver.exe
PID 4264 wrote to memory of 3796 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 4264 wrote to memory of 3796 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 3796 wrote to memory of 5028 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 3796 wrote to memory of 5028 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 3796 wrote to memory of 5028 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 3796 wrote to memory of 5028 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 3796 wrote to memory of 5028 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 3796 wrote to memory of 5028 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 3796 wrote to memory of 5028 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 3796 wrote to memory of 5028 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 3796 wrote to memory of 5028 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 3796 wrote to memory of 5028 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 3796 wrote to memory of 5028 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe
PID 5028 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI44242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI44242\geckodriver.exe --port 50046 --websocket-port 50047

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexSbNNK

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexSbNNK

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.0.1772996673\1583956146" -parentBuildID 20240416150000 -prefsHandle 1512 -prefMapHandle 1504 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {98c397c9-9a62-4a97-b8ca-889e7ec7946f} 5028 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.1.1455604862\1404224967" -childID 1 -isForBrowser -prefsHandle 2516 -prefMapHandle 2512 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {5ea884f6-6ab8-4aa2-93e8-1a11970513f9} 5028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.2.670661128\350763927" -childID 2 -isForBrowser -prefsHandle 3008 -prefMapHandle 3004 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {fee4cfb2-e6b2-43f0-af2e-2a540f36e993} 5028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.3.322732298\1355041044" -childID 3 -isForBrowser -prefsHandle 3044 -prefMapHandle 3256 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {869c72f6-970d-499e-8da5-08c2b64cafa4} 5028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.4.946599685\99975392" -childID 4 -isForBrowser -prefsHandle 3488 -prefMapHandle 3492 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {0b852581-bdac-4a66-bf30-7dc2490f6d89} 5028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.5.477383935\1934020670" -childID 5 -isForBrowser -prefsHandle 3564 -prefMapHandle 3568 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {bb4088ea-0d23-434d-9a12-d7454e250292} 5028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.6.1267274329\1152585909" -childID 6 -isForBrowser -prefsHandle 3708 -prefMapHandle 3704 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {c715a244-0f02-493f-b354-6a5d82959f7c} 5028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.7.808535617\1057906475" -childID 7 -isForBrowser -prefsHandle 4144 -prefMapHandle 4148 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {2cbd2e78-44f5-4053-bac4-e351d89e614f} 5028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.8.1503714840\902474816" -childID 8 -isForBrowser -prefsHandle 8396 -prefMapHandle 8388 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {c273a4ce-8b9d-4572-ba45-aa07b0d05e50} 5028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.9.832502720\1303597492" -childID 9 -isForBrowser -prefsHandle 8252 -prefMapHandle 8132 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {583b2064-3030-491b-aeb2-2cd539aa0708} 5028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.10.1707931069\803590115" -parentBuildID 20240416150000 -prefsHandle 8500 -prefMapHandle 2508 -prefsLen 27764 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {0011b845-264f-44fd-b4c4-0b956bed7c14} 5028 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.11.67378572\178452442" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 8480 -prefMapHandle 8484 -prefsLen 27764 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {d0c0c7d8-a76c-4817-ae94-909ae95e62e7} 5028 utility

C:\Users\Admin\AppData\Local\Temp\_MEI44242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI44242\geckodriver.exe --port 50046 --websocket-port 50047

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilektFZSm

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilektFZSm

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2868.0.659380412\361721479" -parentBuildID 20240416150000 -prefsHandle 1476 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {7667fade-b388-46f8-9393-6046522f46a8} 2868 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2868.1.1026221929\2054145745" -childID 1 -isForBrowser -prefsHandle 2204 -prefMapHandle 2200 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {25b3245a-8a2c-49ca-9d91-712302033b31} 2868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2868.2.2139709926\215842122" -childID 2 -isForBrowser -prefsHandle 3028 -prefMapHandle 3024 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {2fb243b4-245a-40c5-97a5-bd27d0101917} 2868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2868.3.1976957569\1715859194" -childID 3 -isForBrowser -prefsHandle 3220 -prefMapHandle 2228 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {1c444770-c17a-4dd9-b7a7-f579f5c233fd} 2868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2868.4.1697347287\525443317" -childID 4 -isForBrowser -prefsHandle 1348 -prefMapHandle 1372 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {980dee42-13d4-46ff-beb9-149e7f24bcc3} 2868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2868.5.1664395307\194498345" -childID 5 -isForBrowser -prefsHandle 3836 -prefMapHandle 3832 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {51fe05c4-8f25-4fe8-a0f2-dba16dee93ca} 2868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2868.6.1971242484\1486182491" -childID 6 -isForBrowser -prefsHandle 3964 -prefMapHandle 3968 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {2060f7e4-bec9-4232-959a-c23d9740303f} 2868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2868.7.346460231\1019304195" -childID 7 -isForBrowser -prefsHandle 4352 -prefMapHandle 4348 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {67e05fe4-3a6f-477c-be74-39983b801b82} 2868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2868.8.1642026696\123289425" -childID 8 -isForBrowser -prefsHandle 4732 -prefMapHandle 4728 -prefsLen 25412 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {be8ee856-c6d0-486c-85ba-68c3e51b828e} 2868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI44242\geckodriver.exe --port 50046 --websocket-port 50047

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegKRewI

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegKRewI

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.0.446339738\1481364529" -parentBuildID 20240416150000 -prefsHandle 1472 -prefMapHandle 1448 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {13cd6dfb-8e50-4556-9060-cb0e8a06551b} 3700 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.1.244631381\347671670" -childID 1 -isForBrowser -prefsHandle 2472 -prefMapHandle 2468 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {ad6c0a14-d70d-48c0-8b90-ab0fcebceda4} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.2.130868641\54616153" -childID 2 -isForBrowser -prefsHandle 2944 -prefMapHandle 2940 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {9d442540-42b1-473a-8508-34144e60e8b6} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.3.1877334879\1668398264" -childID 3 -isForBrowser -prefsHandle 3428 -prefMapHandle 3412 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {a79050a4-0177-427b-bb23-22d72b300fcb} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.4.1083178648\1759794678" -childID 4 -isForBrowser -prefsHandle 3672 -prefMapHandle 3668 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {fa169558-fd5a-468a-a60f-cf22df64b280} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.5.657100869\836748072" -childID 5 -isForBrowser -prefsHandle 3748 -prefMapHandle 3744 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {e625cc7b-9c20-4b8a-a141-33968bb34b86} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.6.1665632632\316997035" -childID 6 -isForBrowser -prefsHandle 3860 -prefMapHandle 3864 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\browser" - {0c44ebd2-3043-45a1-bd4b-a6fe24494207} 3700 tab

Network

Country Destination Domain Proto
GB 95.166.12.135:9001 tcp
US 8.8.8.8:53 135.12.166.95.in-addr.arpa udp
NL 185.155.223.9:9100 tcp
US 68.134.176.234:4433 tcp
US 8.8.8.8:53 9.223.155.185.in-addr.arpa udp
US 8.8.8.8:53 234.176.134.68.in-addr.arpa udp
N/A 127.0.0.1:50083 tcp
N/A 127.0.0.1:50089 tcp
N/A 127.0.0.1:50046 tcp
N/A 127.0.0.1:50046 tcp
N/A 127.0.0.1:50250 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50263 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50046 tcp
N/A 127.0.0.1:50046 tcp
N/A 127.0.0.1:50046 tcp
N/A 127.0.0.1:50744 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50752 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50046 tcp
N/A 127.0.0.1:50046 tcp
N/A 127.0.0.1:50046 tcp
N/A 127.0.0.1:51085 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51093 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI44242\python38.dll

MD5 c40c36a527b224a242b22a301df7bf0c
SHA1 41099f8b597e5ba6f4e7b8cdac655fa432a5ee28
SHA256 68cc16d68ad3cc8632942005625dbf23aa90b9a00c18ebe83981f66c8a34830e
SHA512 97008b6af13408d061341a881a1285b2c810dedc30948d0785e19d25526320ef9304170572c637d66d9c7470a9dd007f1a8417305d9e63fe0ca8c3ca5b537e50

\Users\Admin\AppData\Local\Temp\_MEI44242\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI44242\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

\Users\Admin\AppData\Local\Temp\_MEI44242\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

\Users\Admin\AppData\Local\Temp\_MEI44242\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\tmpatwjrc1h\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

\Users\Admin\AppData\Local\Temp\_MEI44242\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI44242\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

\Users\Admin\AppData\Local\Temp\_MEI44242\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

\Users\Admin\AppData\Local\Temp\_MEI44242\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

\Users\Admin\AppData\Local\Temp\_MEI44242\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

\Users\Admin\AppData\Local\Temp\_MEI44242\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI44242\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI44242\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI44242\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI44242\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI44242\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI44242\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

C:\Users\Admin\AppData\Local\Temp\_MEI44242\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

\Users\Admin\AppData\Local\Temp\_MEI44242\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

\Users\Admin\AppData\Local\Temp\_MEI44242\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

\Users\Admin\AppData\Local\Temp\_MEI44242\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 d262b8dc568b34fa0a37e37335db737a
SHA1 477338dfa2a841eaadcdeadb210ed0e9e419241f
SHA256 b11b2168de48ecb6a5daec15e1d8eebc52fa4597d174d3a55a930466f665b0ed
SHA512 ae2b0b4477d7d61c2ccbc948041e79407a140919da3dae63486e47b30ed9c041519bd3ce3cee62bc3c2ed780650abb8c54002c4197c6611af512f39da8e56f64

C:\Users\Admin\AppData\Local\Temp\_MEI44242\base_library.zip

MD5 196fc7563beec5caf7c72cfefe27a4c0
SHA1 c3d9ecb19ed275d5e72dd2a2b8e63ae4b1339614
SHA256 ca9d50db79635bc360319cbb7ef3054ebb5824298e72663f38a1389575e839a4
SHA512 f0d6d9eae8fa63bc1922a8092236ab832c5d640d2775f985b13cd661796ee68b0c690146e84e2d54f55b374b38345d7f4c295d403ea6ade60b268d9a56cd139e

\Users\Admin\AppData\Local\Temp\_MEI44242\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

memory/5028-534-0x000001911F050000-0x000001911F060000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexSbNNK\extensions.json

MD5 6ec394b988b5b246ac793d8c6855e7b2
SHA1 32f6a08ba7607f1f4d2d657b891052011c43df50
SHA256 dff20e91dc89ba8729e8c5e9bab4954fe02d2407df239b6a164ee063e96998f8
SHA512 44abcb193a9d004d7e90c6608e7e77325d42135be1d7392a388054137c3bb54c11f35ce85c68140a9298c8a3ea675d65c12986fb13f10eeb2bc736712ff224c3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexSbNNK\prefs.js

MD5 708985e901ab0fe77606240d1b279a96
SHA1 127e181ab57dfd3f1b73d52635669e278b693b07
SHA256 45f96654bf128dbcc8e783b29670dcc786b204e1002a475841e5a59612c38af9
SHA512 eac3a1da98b48c2eef31bdd96692227b5ae4b2e3f11248c97c2b4c8b028e955fbdb2c568db82cc526c586a454ee88c6e6321dcdf8b8c50e53c1a82e04aad18cb

memory/5028-581-0x0000019119EC0000-0x000001911A030000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexSbNNK\prefs-1.js

MD5 a9fce1dfb6125cb3e6eafe500b9ee3a8
SHA1 11903b0beaf6b93877b69affb06b6f474a0780c5
SHA256 c0a45c71299b97be93d78faea8434e32a6d1a5d6639acf5e5b6525e72e09d74a
SHA512 d9876c91aef1edb629567694d29ac9bd21cc5a87c757bbec94801bbf89541ed822ef0ebd7a8ac2705acaab2e3eabe1961c09a5ddc368cd8276bf7244530067ea

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexSbNNK\prefs-1.js

MD5 ba11e2dc04ac7cbc38a590f8e1d676c6
SHA1 75c071ed25f54a14f684191f4bca42b31d928333
SHA256 4493a129259ceaaf24814807759ccbf2a2cdb0056a96094beb1449ee8a7422e4
SHA512 e60228a6ca32ced4a299841d4e92d5fe739c4e49a950d8999a92338d9f02bc6975e15501bb6da42dfeefdd13e05254d9ec205655b213222077276641330a5acf

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 b466c6a7442d20d5ee925eddcbc30e0c
SHA1 5e05e860a0b50801633840ee4f5e808f25311e10
SHA256 d89b514a79b2231142ff014ecbffff9e84ef66338fb41a7a61a44f2b72430d2f
SHA512 48869fa5e7cbbce5e3e228c01074cca06467aba745e33e8918848a88f73029fe2e862938506f98b73bef827574bacf675fbd5398d4cfc9b26f771d51cf9db3c7

memory/5028-683-0x000001911F010000-0x000001911F020000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexSbNNK\prefs.js

MD5 b507da4ba14c2e158526b7684304bdf4
SHA1 a6872815286ce5b57b67c65cb1fabf11f304f805
SHA256 261e37563e844a74425cb2eed21757a9f918fca8e5ebf3b42a52ea02943e4d21
SHA512 2ce5d91ef38f8584c5f113c285757156e9241647c1390e3681e1e9210c6a9ccfb862cfc08140f53bfdbe4e05a0ea0e5d527667d57ce6111235001cb19c033061

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexSbNNK\prefs-1.js

MD5 20932f076c4b26cdbc04357df6051ae8
SHA1 95163cbeccd39c12c492ab7825e9b415c199263a
SHA256 64b6cbb64fe5f166af557d6beca2db27e1b98e9450146ce931c94473b921993a
SHA512 06e90a0ac9075b76a38872a06ad88c68dba47167351cb4029304b905b12a488f2c697912cd5245d119c5fc251bd219b4b732e407ee73bc72354df034fa2be305

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilektFZSm\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilektFZSm\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/2868-903-0x0000025BB35F0000-0x0000025BB3600000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilektFZSm\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilektFZSm\startupCache\webext.sc.lz4

MD5 4f0c80d00ac9a583d66fe091a9bfa7ff
SHA1 bb5059d34b8f6cd652ccfef66ce919d2ca22bfae
SHA256 594dfff6a7e0a11aea2008e1b095af1ef0ed9a6479a36d5c375cdeb08bd80a6d
SHA512 56fe7eaa64bacbfba346ce27a6f0acb9353b0416b8df9b40e3427f16d90e44c41e306f76b18407d86541c54c33b611a04db23d89bf827d74076a6b45d9ad7631

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilektFZSm\prefs-1.js

MD5 f2dc56eedb69810c9e91733e7f04aacf
SHA1 d3ca637dd9c44fc51439d94c045d141d770ccb3c
SHA256 61737a1fdcf1473ac5128788f61df5dde9d75ba171c3f4100e66a6e2b0dedb5b
SHA512 1a04df10a1dbdcc46e2c04de05313e0336c236a45d819bf4d8acb13300e8d85caa6fc3356b72ed44b139d00b8861a398ad3644a69b079e6c0c06c51dae71df57

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilektFZSm\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilektFZSm\prefs-1.js

MD5 58e2ddae706f69671ebbf01fba47fac7
SHA1 1fb7f240df21ee2e9b6926a1ee4a4c0652138151
SHA256 1c82c171c64b048daf219164653bfc95804ab76efd90b4d2fa72a27cac37f48e
SHA512 556e0077a5c3bbbda0248fcde7ba6e6d8638e7c5f2b05b9fab3e745679cfce26a1ae68046f55e559882e74d3e92b6fb1e6f77986168afcef8fac8c5d1162311e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilektFZSm\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilektFZSm\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilektFZSm\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilektFZSm\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilektFZSm\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilektFZSm\datareporting\glean\db\data.safe.tmp

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegKRewI\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegKRewI\prefs-1.js

MD5 2120f410a4c68e66ca79e4bf5002b35e
SHA1 c0fbaa40b013fb2ad3c691de9942528c0bd1a527
SHA256 fc1c268d14c837d57c4624170710c9f50ac0d4ab316df96d758ec34a83682dad
SHA512 93c35eb4f3f313e06054d3b223ce0895391eac9e8ed87db4daf16745331beda9739276b091a4b4d40388514bc304a4178bd57067aa2025bc46f249227efbcc21

memory/3700-1188-0x00000122BA080000-0x00000122BA090000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-09 01:10

Reported

2024-05-09 01:22

Platform

win7-20240221-en

Max time kernel

272s

Max time network

301s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2364 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 2364 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 2364 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 2208 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 2208 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 2208 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 2208 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 2208 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 2208 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1776 wrote to memory of 1132 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1776 wrote to memory of 1132 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1776 wrote to memory of 1132 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2208 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe
PID 2208 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe
PID 2208 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe
PID 1600 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1600 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1600 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2456 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2456 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2456 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2456 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2456 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2456 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2456 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2456 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2456 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2456 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2456 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2456 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 1948 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileDylXvd

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileDylXvd

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1948.0.14494286\1607857705" -parentBuildID 20240416150000 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {14e53753-9d82-4930-b29b-94c03e35bbfb} 1948 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1948.1.2143535711\231935527" -childID 1 -isForBrowser -prefsHandle 2220 -prefMapHandle 2224 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {4767f767-8283-4f6f-a121-7533fbfcd8c7} 1948 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1948.2.1591019883\834767432" -childID 2 -isForBrowser -prefsHandle 2264 -prefMapHandle 2260 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {20885e44-354f-4c8f-a547-223e28e74ff6} 1948 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1948.3.140950738\807651277" -childID 3 -isForBrowser -prefsHandle 2276 -prefMapHandle 2412 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {9fa1f8d2-f519-4c74-a49f-8fe5d2c3be51} 1948 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1948.4.978219293\929076686" -childID 4 -isForBrowser -prefsHandle 1080 -prefMapHandle 1076 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {18847b79-64eb-443a-af44-85fe1bff3504} 1948 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1948.5.1473853417\1740400551" -childID 5 -isForBrowser -prefsHandle 2908 -prefMapHandle 2912 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {13b9255f-7c9b-421d-aec6-c75970ad151d} 1948 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1948.6.442208166\866272124" -childID 6 -isForBrowser -prefsHandle 3076 -prefMapHandle 3080 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {c8917c9a-9cbd-4a52-81c3-dd762dcefa88} 1948 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilew3thrG

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilew3thrG

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="948.0.1059049563\562098480" -parentBuildID 20240416150000 -prefsHandle 1208 -prefMapHandle 1200 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {1976a429-be44-4708-b4b5-eda396daf49f} 948 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="948.1.1449715063\1606956930" -childID 1 -isForBrowser -prefsHandle 1700 -prefMapHandle 1824 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {9cf86e09-a519-439d-b271-fe8e50438033} 948 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="948.2.2018506177\472041175" -childID 2 -isForBrowser -prefsHandle 2244 -prefMapHandle 2240 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {c2b1e69a-ca8d-4cd6-a2f1-61dbb6d21fbf} 948 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="948.3.1474466574\1561605150" -childID 3 -isForBrowser -prefsHandle 2300 -prefMapHandle 2556 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {729002c8-0292-495b-aac5-ff0d0838c314} 948 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="948.4.1620291191\488829357" -childID 4 -isForBrowser -prefsHandle 1068 -prefMapHandle 1064 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {f70ecbbb-b9f4-4883-ac21-2009b74c8784} 948 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="948.5.74886409\39622477" -childID 5 -isForBrowser -prefsHandle 2944 -prefMapHandle 2948 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {68116f69-e105-4f21-b884-1e8abe32d608} 948 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="948.6.345760366\1968774686" -childID 6 -isForBrowser -prefsHandle 3104 -prefMapHandle 3108 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {dca01df1-241b-42d6-870b-29fa4d5e0367} 948 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="948.7.1485150504\306203385" -childID 7 -isForBrowser -prefsHandle 3484 -prefMapHandle 2968 -prefsLen 25412 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {00d8acc3-36aa-4e5c-ba12-d277bff93427} 948 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="948.8.861260511\805612119" -childID 8 -isForBrowser -prefsHandle 7684 -prefMapHandle 7620 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {137c9f4a-49eb-47ae-8930-ae1aac158c37} 948 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVsEfzP

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVsEfzP

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1912.0.1783143346\804787892" -parentBuildID 20240416150000 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {0a39629a-b65e-48f7-b6d2-de227f20fa6a} 1912 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1912.1.2127936281\495301922" -childID 1 -isForBrowser -prefsHandle 2088 -prefMapHandle 944 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {87c43bd9-69a0-442e-8df2-487026fffb08} 1912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1912.2.1830502815\616202059" -childID 2 -isForBrowser -prefsHandle 2264 -prefMapHandle 2260 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {cd620f40-2db5-4693-9bc7-9fd33e02d560} 1912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1912.3.1325641275\1126735388" -childID 3 -isForBrowser -prefsHandle 2332 -prefMapHandle 2336 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {f3eb4d07-2964-497c-bd81-273c8b0f13c7} 1912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1912.4.1400333987\92512504" -childID 4 -isForBrowser -prefsHandle 1076 -prefMapHandle 2668 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {33a1dc45-b744-4ad1-be23-6dcc19ad8971} 1912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1912.5.1720805053\717224794" -childID 5 -isForBrowser -prefsHandle 2904 -prefMapHandle 2908 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {21106cb3-28c2-403f-ac93-9a0b91802c7a} 1912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1912.6.911617854\625310280" -childID 6 -isForBrowser -prefsHandle 3060 -prefMapHandle 3064 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {b1cab0e5-e9e8-40ec-b830-14d31bd82ee9} 1912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1912.7.1131066910\1324238358" -childID 7 -isForBrowser -prefsHandle 3356 -prefMapHandle 3352 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {425bb805-c944-43f4-8a57-248e4a1a0e69} 1912 tab

Network

Country Destination Domain Proto
GB 95.166.12.135:9001 tcp
CA 148.113.162.135:9000 tcp
US 18.18.82.17:9001 tcp
N/A 127.0.0.1:49504 tcp
N/A 127.0.0.1:49510 tcp
N/A 127.0.0.1:49467 tcp
N/A 127.0.0.1:49467 tcp
N/A 127.0.0.1:49664 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49699 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49467 tcp
N/A 127.0.0.1:49467 tcp
N/A 127.0.0.1:49467 tcp
N/A 127.0.0.1:50136 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50171 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:49467 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI23642\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

\Users\Admin\AppData\Local\Temp\_MEI23642\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI23642\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI23642\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

\Users\Admin\AppData\Local\Temp\_MEI23642\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

\Users\Admin\AppData\Local\Temp\_MEI23642\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

\Users\Admin\AppData\Local\Temp\_MEI23642\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI23642\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI23642\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI23642\libcrypto-1_1.dll

MD5 95c6303a3959e746ad2a37f0558a73fc
SHA1 4dbe9ce43c9b894947d6388f13b639e6e321d9bf
SHA256 0e2e78ee499687bee1e30a492c67acb68efb77d12f33b951f964aca1469be98e
SHA512 7962ffd5bd58495b8b1856c45b6f7ace65378d60f249208d6f883b5e851e95bbb82d1eba2ad563c3747b65db4ace85bcedf0330e6fa856a218dc1a7df11454e4

C:\Users\Admin\AppData\Local\Temp\_MEI23642\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe

MD5 4894f67634655cd4d0bb25d327a92a67
SHA1 b89f4c1f1529dae9d0c8da99bfe5c65d8a05e500
SHA256 85bcaa37915841f59fdc6f5ae58d5a1413ad383ff5cc79a80b5585a9430f6321
SHA512 d03cb2e2937507cfe66526663fa04bc9f47fc24ff7d319687b7d9fa9d188a3959f8dfc4fb58a01c8cae2406a3285a3fb5a7a459ad3a2b41c873fb913110e6333

C:\Users\Admin\AppData\Local\Temp\_MEI23642\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI23642\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

\Users\Admin\AppData\Local\Temp\_MEI23642\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

\Users\Admin\AppData\Local\Temp\_MEI23642\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 7d6384160fc08e8462405b48c58d422d
SHA1 d83b6062f5e178867731c73ca85ebce36e31c806
SHA256 8877695be8bed60e85e844422198d7408abba4ee16d362a9c8f514b85e3365d7
SHA512 168e240ecec07bd2c9b6bfe8afe228662e6d6c42b4f2bf2349fb9d8aebb5fc4fc624ffd0c5bf91ce51b2ccef3cff33133188997bf9aad97a633552c5eb9ecf10

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 0e490c381e8283222c23df594ddb3e93
SHA1 5e3375b010c0b0eac70b0c73c168e4beca84ae4e
SHA256 e3b3cc3016aff5e6bad156b213a55a0f9f73ec06c5b5e7a4f59dd819047b7245
SHA512 6a26d75fe687ee5629d60475187d16af359b9da27c831435de4ccbb2ed135906ec15c269231dc014723d5a4ed3c9321ae7fccd6cf054867dfa3d1e28863e54d4

\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 03e2510e66fa7eb48f43e359f5a21fa1
SHA1 d72c6ad44bb13efc50622bcb4991f132f3062fbb
SHA256 e11dcae1fb4da440922faaed3b29302f128209e34db10a627ed407c91d891a98
SHA512 28d600811f378fb8a9cb126f560893a285d62fe8c3fb9dd86110af7c7ee2d1b440f923949099d7503fd7c78f1270341c78ceda43ab9fa4c6a2481062fc57d573

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 c732dce27ca8966930ae486df861cfba
SHA1 a2d621c06f644cc38e0f684bab76da46f525cb2d
SHA256 bdfa0dd22ab9afb3fc6fa405136a7513f3d01189cbaec797225bf51924a8a674
SHA512 95291a07765633fd16292a521446518a818699dbcf1297147341344cde6056d5e64a9ff9a4c21dfcdfeb83d2d354c8c25bfbedd388d1dd4be56e504999de8a54

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 86f78270d33684e7d6e0064174e4a4ce
SHA1 f5dad63848bd72f57b7cef3a6c5b3d3f862e8f79
SHA256 5b5ff53489a2b6fedcc1ae624cdb6d9d9a8d57e667c09f56914717c137815680
SHA512 4e5d1a30c4029b78e09bd2ae133b3c0102d870a62eb759a957159c44c5765928931adb926afabfb73e02c6e72dcc7b6bc5be248a19330c3cc675d3953866e567

C:\Users\Admin\AppData\Local\Temp\tmp2d89d8eh\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

\Users\Admin\AppData\Local\Temp\_MEI23642\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

\Users\Admin\AppData\Local\Temp\_MEI23642\libcrypto-1_1.dll

MD5 78f7f01391d3b2e4449b299512a2506d
SHA1 a282b3b8b05d886a3a936550c4ef81c519f875ba
SHA256 657dcbfe240b176f6306055c4631ed9c1567b08fdbef44bf739ac2d3a3afa392
SHA512 12ed0f3a92248fa3621eaa7d9c103c11fe1efb13465a6fbb5579e6774ecdd8dff9852e16c5463fb7e5d2d439307291481620a104e772738e23a44281b49e1ddb

\Users\Admin\AppData\Local\Temp\_MEI23642\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI23642\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI23642\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI23642\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI23642\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\tmp2d89d8eh\webdriver-py-profilecopy\places.sqlite

MD5 6aba2d0351e5cf9191433296312e2128
SHA1 724b71969c12657e847ab17f2fe81dbb6bcdf448
SHA256 bfb39d0bcf90d9bcd33d78ca8ffe3e63cb7c98d2523ab09e1d3e0a5d28c6766e
SHA512 a5d766ab16ddf31bcb7728054702fabde9b9e638f414827c2d180740d7263170061b425aaf29c29ef1e6d3dc342d58cba5b6660fe70fe646e304c6da63df4a66

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileDylXvd\extensions.json

MD5 fb9be5db6c34ccf89aaa0d4164b7729f
SHA1 4c772af4875ed26c7e16f3be692cf051e2e2e511
SHA256 02394be3ee56bcbb9b495c080fcc79d12511e28d2c9e2522ec97fa769b2cc7f9
SHA512 4bdd6d1b9e069dc8e0824f4cc3d820adf83d7b7854fbe25575c33bea67554035772d8445de9813e398627c8ab7a1276d402ea4651e2d63993b1333c8f8333c17

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 d262b8dc568b34fa0a37e37335db737a
SHA1 477338dfa2a841eaadcdeadb210ed0e9e419241f
SHA256 b11b2168de48ecb6a5daec15e1d8eebc52fa4597d174d3a55a930466f665b0ed
SHA512 ae2b0b4477d7d61c2ccbc948041e79407a140919da3dae63486e47b30ed9c041519bd3ce3cee62bc3c2ed780650abb8c54002c4197c6611af512f39da8e56f64

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileDylXvd\prefs-1.js

MD5 7a9304144241333047182b00d305eb2a
SHA1 90b902dc4b7750dee2eb5cbbea453dbd511c1112
SHA256 8d0e85e427f1b27b86554c55aa3a2c0a0076c27488baf62267e5af60a4cb6993
SHA512 980e821e7cd199cce1ab78d7003eb309c5a6a365b3cd00aca3240d11b4fa8df1a6038a548ca78468e32476968ea592be8f99845553f39be9b1da2a06a99502f8

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileDylXvd\prefs-1.js

MD5 6eee3c73cc886956bb91be793d9c47fb
SHA1 591068b2c32ef538b46a4965c8d75240a6ff9037
SHA256 0388332087caef8b4ae7c7cfb9501e6b9bc62cb0c9676208f22411d2b4bafeb4
SHA512 61a63b8cbb75a7c9c798d83c461a20e075c2093f754a96332e4964782f7d2d2132b9c8142e0bbf153282dd8738d0139b24167ab19dafe666226085c50364117e

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 4a83066340fded32bccd3e7a7c9a8d13
SHA1 0e5e39bec000b5866658cb14e8a2d3a4e7d1b0d5
SHA256 74444fd7a5eb1bed7cbea7e4730ec883d91cd46e4800bf42d308d731694a5a1e
SHA512 61fb67b13502f95d24c6563e6cbed67329d7c810df8f5aa74b84a3f09339193a516fd4ef16752945ad8eed46d2dc799ba69f1dd0826ad9afa31c61c634a15a77

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilew3thrG\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilew3thrG\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilew3thrG\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilew3thrG\startupCache\webext.sc.lz4

MD5 fd3b83223bf6c95fe71f94f2a34e7531
SHA1 aa670ab67bee273ab7a1eeae1f3cbe641ac723d4
SHA256 4090abfedc9426cbdf37e3052594a6400e04a74c5f9984553d4b8a6eb53fea94
SHA512 9911a30d80abe302f047f622a5d125f6ccafc793422084a6965cf6f217cd68e19b035f6cb553dabf61c1006303833f2f4ecb17e71eba4bad02ec87a8ee2115de

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilew3thrG\prefs-1.js

MD5 b350ea6b3ff91ccd06ff6d870e35c3f3
SHA1 a55e8f84769b880e789c87cccafa4e8d1f8d5f51
SHA256 f069cd7baea300bb4bf895708ff98f73d20dc046b2887755f07d6d1245a96dbc
SHA512 25e9c5ad75f95422584f2fd880dca3d0b6f0e7832108a936a7632e3d653fa74c5ba0865a19f20934bd5c0df25432785d3169ab1d6ec3ba10b9b47d41a0e93254

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilew3thrG\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilew3thrG\prefs-1.js

MD5 18bb3e69eec74eb851572e3ecbc6a333
SHA1 3ca56545c2c482102c5a7a689e82a998ccbbb4cf
SHA256 7f954656b63bcb2ffb46213030b1f7de54be974073519d95c89341e3abc924eb
SHA512 dabd4fd912b67c116ef22b37972df4730074e43ed3c70ff84dc81967308736a24458c4e86a27a5d8fc9ba1f41f3a4ad4357a3c5cd18fbe6bdde301b98cbe73ae

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilew3thrG\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilew3thrG\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilew3thrG\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilew3thrG\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVsEfzP\user.js

MD5 9f0af3732b715f5003ecdecc3c7ca606
SHA1 0070aafee2afbd62d5a1603c3a372317d373fb19
SHA256 2047b6ba43635994e47cf144f6b2f41d3079451dd3adf19394c4b6e7b0da5d20
SHA512 67d4311bf8f9e1f51b5c0ea12ebd43e88363e7800f7f6e64ab6ca680cf1af980bd5695b5efc01306f6dbe4a330f7a712315c284568726a677506b5a3f97fb7f3

memory/1912-1644-0x00000000034C0000-0x00000000034D0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVsEfzP\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0