Malware Analysis Report

2025-06-15 20:36

Sample ID 240509-bjfn4ace33
Target medium.exe
SHA256 335d7d67678ff4475ee0622beef67a923e4962a034ce7ca97d6b08d9c119a3eb
Tags
evasion trojan pyinstaller
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

335d7d67678ff4475ee0622beef67a923e4962a034ce7ca97d6b08d9c119a3eb

Threat Level: Shows suspicious behavior

The file medium.exe was found to show suspicious behavior.

Malicious Activity Summary

evasion trojan pyinstaller

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks whether UAC is enabled

Enumerates physical storage devices

Detects Pyinstaller

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Modifies registry class

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-09 01:12

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 01:10

Reported

2024-05-09 01:24

Platform

win10v2004-20240226-en

Max time kernel

362s

Max time network

392s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3280 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29442\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2944 wrote to memory of 4700 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 4700 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 4700 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 2984 wrote to memory of 2408 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4700 wrote to memory of 1136 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI29442\geckodriver.exe
PID 1136 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29442\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe
PID 2084 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe
PID 1744 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3280 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI29442\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI29442\geckodriver.exe --port 50118 --websocket-port 50119

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50119 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiled8aX9q

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50119 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiled8aX9q

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1744.0.1126581298\438946249" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {7d12afc9-0ae5-4f7e-a25f-18b02b1e5b8a} 1744 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1744.1.1486890957\1842870447" -childID 1 -isForBrowser -prefsHandle 2600 -prefMapHandle 2616 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {1dcdc74c-fd44-4e14-b73f-472ab426a782} 1744 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1744.2.1126148054\1072316588" -childID 2 -isForBrowser -prefsHandle 3212 -prefMapHandle 3208 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {89f7510a-9449-46e8-a95c-5f80cf22173b} 1744 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1744.3.1175608910\1037968385" -childID 3 -isForBrowser -prefsHandle 3224 -prefMapHandle 3280 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {e9d591c3-16f2-4e30-95a2-e280b4cf175c} 1744 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1744.4.946128916\658683000" -childID 4 -isForBrowser -prefsHandle 3852 -prefMapHandle 3848 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {dce60c88-d272-4d27-bd59-48643653beb1} 1744 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1744.5.1374761571\1777070282" -childID 5 -isForBrowser -prefsHandle 3996 -prefMapHandle 4000 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {d7fbaa37-9475-46c4-8baf-8d8b22dbed23} 1744 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1744.6.1076612622\1841811347" -childID 6 -isForBrowser -prefsHandle 4184 -prefMapHandle 4188 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {5c658e8a-c57b-4cd9-b98a-c9fc305d24cb} 1744 tab

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1744.7.1858051336\504747652" -childID 7 -isForBrowser -prefsHandle 4524 -prefMapHandle 4528 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {00f43029-fc18-4524-bc27-1322710dd30b} 1744 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI29442\geckodriver.exe --port 50118 --websocket-port 50119

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50119 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewYvCV3

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50119 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewYvCV3

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3560.0.636119039\144061709" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {d92108e5-acb7-43c7-9ce2-7746bf015c1c} 3560 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3560.1.450929343\881648884" -childID 1 -isForBrowser -prefsHandle 2684 -prefMapHandle 2680 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {93bc48c4-f93b-4bc2-9817-1adb3cb904e1} 3560 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3560.2.1232989272\1906173143" -childID 2 -isForBrowser -prefsHandle 3472 -prefMapHandle 3468 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {bcf00627-2862-40a0-b45c-88a3bda4a05e} 3560 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3560.3.1547927143\1922657057" -childID 3 -isForBrowser -prefsHandle 3352 -prefMapHandle 3256 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {dcac978e-36be-468d-998c-c4b3df88f088} 3560 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3560.4.322540447\1330535266" -childID 4 -isForBrowser -prefsHandle 3800 -prefMapHandle 3796 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {9b22db75-3bfc-4385-9b64-1326f6b9ec20} 3560 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3560.5.1161233209\2141302600" -childID 5 -isForBrowser -prefsHandle 3856 -prefMapHandle 3860 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {24cc0225-7703-4e74-99b6-39404aca0364} 3560 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3560.6.2143376699\1340222852" -childID 6 -isForBrowser -prefsHandle 4032 -prefMapHandle 4036 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {d011f9fb-d402-4fc3-af22-e9470dbbe710} 3560 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3560.7.772325307\677714268" -childID 7 -isForBrowser -prefsHandle 4508 -prefMapHandle 4084 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {d1d6ecbe-901c-4512-92a0-ad82cfc3a470} 3560 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3560.8.1550172974\1217532106" -childID 8 -isForBrowser -prefsHandle 4644 -prefMapHandle 4620 -prefsLen 25535 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {3f24e9ce-2926-4aba-9563-e1c6288e91b7} 3560 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI29442\geckodriver.exe --port 50118 --websocket-port 50119

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50119 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1DxMRB

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50119 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1DxMRB

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3004.0.1343609683\733440738" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1660 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {30458c41-422c-4b3a-8aee-6d9ea8281b73} 3004 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3004.1.437591983\1681711733" -childID 1 -isForBrowser -prefsHandle 2668 -prefMapHandle 2664 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {d898d12f-1ed9-4c6d-8305-dfb5ada0062a} 3004 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3004.2.53817320\1061388551" -childID 2 -isForBrowser -prefsHandle 3212 -prefMapHandle 3208 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {319b2998-4b7f-4fad-b107-ca7a15fc0316} 3004 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3004.3.89039796\213009838" -childID 3 -isForBrowser -prefsHandle 3808 -prefMapHandle 3812 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {1cbbec26-c3b6-4c29-a7df-3107648c4e2c} 3004 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3004.4.437101527\974335811" -childID 4 -isForBrowser -prefsHandle 3304 -prefMapHandle 3988 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {20026eda-005f-4b42-bb46-a5bbdd93b94e} 3004 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3004.5.1568542\1249515623" -childID 5 -isForBrowser -prefsHandle 4084 -prefMapHandle 4080 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {40671c0b-6781-4151-9ba9-4ea8c2ba10a6} 3004 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3004.6.1077462638\1895371231" -childID 6 -isForBrowser -prefsHandle 3944 -prefMapHandle 4092 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {65308ab1-ee92-405b-a6eb-69a70753afba} 3004 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI29442\geckodriver.exe --port 50118 --websocket-port 50119

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50119 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQBWN6I

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50119 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQBWN6I

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3124.0.2076983037\1150559187" -parentBuildID 20240416150000 -prefsHandle 1660 -prefMapHandle 1652 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {5edd4506-a577-49a6-895c-b537472aa631} 3124 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3124.1.1475570840\507191277" -childID 1 -isForBrowser -prefsHandle 2824 -prefMapHandle 2820 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {4b8381a7-cab0-411f-822a-352396f2c965} 3124 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3124.2.64097708\1142668729" -childID 2 -isForBrowser -prefsHandle 3188 -prefMapHandle 3184 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {f12ad46d-40e5-4026-aa76-4477fea5e555} 3124 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3124.3.2013693606\1741368210" -childID 3 -isForBrowser -prefsHandle 3840 -prefMapHandle 3844 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {577dfafc-1efe-459f-b283-bd0e9d165c2a} 3124 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3124.4.164525379\1389090608" -childID 4 -isForBrowser -prefsHandle 3876 -prefMapHandle 3880 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {ce86a4a6-f022-4fcf-835a-50924950f6ec} 3124 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3124.5.1032442995\1115723233" -childID 5 -isForBrowser -prefsHandle 4124 -prefMapHandle 4128 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {34fcc071-460e-442a-bbc0-e14797030be2} 3124 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3124.6.1800671606\1557524132" -childID 6 -isForBrowser -prefsHandle 4388 -prefMapHandle 4384 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {6063fd18-b497-411a-879f-9c09b7c42bf9} 3124 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3124.7.1415865801\130327829" -childID 7 -isForBrowser -prefsHandle 4684 -prefMapHandle 4688 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {d6df4034-0957-4dc9-893f-779c82af2076} 3124 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI29442\geckodriver.exe --port 50118 --websocket-port 50119

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50119 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileOUvff1

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50119 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileOUvff1

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="2620.0.829981789\953849109" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {630ebbc4-84e8-429e-9f29-0481d5799cc1} 2620 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="2620.1.1180109492\1792005525" -childID 1 -isForBrowser -prefsHandle 2476 -prefMapHandle 2312 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {d2ef0e58-0229-4783-aa72-f7d582cf9d47} 2620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe" -contentproc --channel="2620.2.781141381\1847095274" -childID 2 -isForBrowser -prefsHandle 3200 -prefMapHandle 3196 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\browser" - {6b3fe609-e86a-437b-a589-d92b62dec493} 2620 tab

Network

Files

C:\Users\Admin\AppData\Local\Temp\_MEI29442\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI29442\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI29442\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI29442\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI29442\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI29442\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI29442\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI29442\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI29442\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI29442\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI29442\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI29442\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI29442\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI29442\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI29442\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI29442\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI29442\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI29442\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI29442\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI29442\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI29442\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI29442\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmp4r1xytd5\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\_MEI29442\Tor Browser\Browser\firefox.exe

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiled8aX9q\extensions.json

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiled8aX9q\prefs-1.js

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewYvCV3\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewYvCV3\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewYvCV3\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewYvCV3\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewYvCV3\startupCache\webext.sc.lz4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewYvCV3\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewYvCV3\broadcast-listeners.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewYvCV3\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewYvCV3\xulstore.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1DxMRB\user.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1DxMRB\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1DxMRB\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1DxMRB\startupCache\scriptCache-child-new.bin

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQBWN6I\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileOUvff1\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileOUvff1\WebDriverBiDiServer.json

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 01:10

Reported

2024-05-09 01:23

Platform

win10-20240404-en

Max time kernel

303s

Max time network

323s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10122\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1012 wrote to memory of 4736 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 4736 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 4736 wrote to memory of 4552 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 2316 wrote to memory of 4260 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4736 wrote to memory of 3288 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI10122\geckodriver.exe
PID 3288 wrote to memory of 3120 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10122\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe
PID 3120 wrote to memory of 4548 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe
PID 4548 wrote to memory of 4204 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI10122\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI10122\geckodriver.exe --port 50072 --websocket-port 50073

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50073 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerbU1Tb

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50073 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerbU1Tb

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4548.0.1923367822\584883638" -parentBuildID 20240416150000 -prefsHandle 1480 -prefMapHandle 1472 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\browser" - {30bcaf33-c2ab-40b9-acae-9cd286a86a0a} 4548 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4548.1.810885872\61874801" -childID 1 -isForBrowser -prefsHandle 2572 -prefMapHandle 2568 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\browser" - {e4fea100-edc2-4703-8011-9bc399bf169c} 4548 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4548.2.300128586\1377190571" -childID 2 -isForBrowser -prefsHandle 2996 -prefMapHandle 2992 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\browser" - {06786097-7439-4437-83f4-d0be509f12b6} 4548 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4548.3.899608433\664769378" -childID 3 -isForBrowser -prefsHandle 3256 -prefMapHandle 3268 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\browser" - {6d9b2c31-c698-469c-a0e8-3fde10c315c8} 4548 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4548.4.1851958925\1809792850" -childID 4 -isForBrowser -prefsHandle 3512 -prefMapHandle 3516 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\browser" - {9d0672fd-b57e-44c9-a19f-e3bda51c299c} 4548 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4548.5.1702848664\986246600" -childID 5 -isForBrowser -prefsHandle 4024 -prefMapHandle 4020 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\browser" - {c6fac9f0-5d09-447b-9bd3-b98819568ae1} 4548 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4548.6.371115131\60802819" -childID 6 -isForBrowser -prefsHandle 3880 -prefMapHandle 3180 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\browser" - {7cdffaa1-1166-46b8-8196-1f8f2c42c4ac} 4548 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4548.7.2029937263\1253547826" -childID 7 -isForBrowser -prefsHandle 4276 -prefMapHandle 4288 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\browser" - {9ef77c17-cd90-4c67-9b63-6b1218397a4e} 4548 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10122\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI10122\geckodriver.exe --port 50072 --websocket-port 50073

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50073 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGlcoSu

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50073 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGlcoSu

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1484.0.1727223389\1125222287" -parentBuildID 20240416150000 -prefsHandle 1496 -prefMapHandle 1472 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\browser" - {946445e9-b36d-47eb-9390-ac92bf913df3} 1484 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1484.1.1739726420\2103711210" -childID 1 -isForBrowser -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\browser" - {70fa6fdb-1d2c-4585-8f3e-7b2c30d9413d} 1484 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1484.2.1662741685\1020911502" -childID 2 -isForBrowser -prefsHandle 3284 -prefMapHandle 3280 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\browser" - {14484620-5d52-4b10-8ac5-d123ceb3b009} 1484 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1484.3.2103776679\938325321" -childID 3 -isForBrowser -prefsHandle 3308 -prefMapHandle 3320 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\browser" - {bad6aafd-2ebf-48d0-a3a0-d5f93a611848} 1484 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1484.4.473230252\1261563825" -childID 4 -isForBrowser -prefsHandle 3516 -prefMapHandle 1364 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\browser" - {c0896f11-7ed8-4bba-a55b-a73c36999754} 1484 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1484.5.154099061\433972382" -childID 5 -isForBrowser -prefsHandle 3668 -prefMapHandle 3672 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\browser" - {6365020b-bcc4-45d4-ae40-3b07ed7d4938} 1484 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1484.6.695016947\1508284191" -childID 6 -isForBrowser -prefsHandle 3836 -prefMapHandle 3840 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\browser" - {7a6343ef-b717-421b-8498-26aaf3f5d62a} 1484 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1484.7.172634441\1597578315" -childID 7 -isForBrowser -prefsHandle 2036 -prefMapHandle 1184 -prefsLen 25412 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\browser" - {777e4250-c7e8-425f-b68a-917107fde1a9} 1484 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1484.8.723977084\1643823283" -childID 8 -isForBrowser -prefsHandle 5388 -prefMapHandle 8340 -prefsLen 25580 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\browser" - {58027be6-70e5-43cb-8692-4ebea273f5b9} 1484 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10122\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI10122\geckodriver.exe --port 50072 --websocket-port 50073

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50073 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMu5uiC

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50073 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMu5uiC

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4840.0.1929295236\592840721" -parentBuildID 20240416150000 -prefsHandle 1500 -prefMapHandle 1488 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\browser" - {41b75e1a-5863-46ac-9933-2ac015557b5f} 4840 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4840.1.701780446\1385967394" -childID 1 -isForBrowser -prefsHandle 2572 -prefMapHandle 2568 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\browser" - {fd4b2624-f3d6-48c9-b627-5d710975657b} 4840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4840.2.992491860\228494333" -childID 2 -isForBrowser -prefsHandle 2972 -prefMapHandle 2968 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\browser" - {b183771f-b64c-44e5-8e90-9afa27f84c06} 4840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4840.3.1089434604\759555360" -childID 3 -isForBrowser -prefsHandle 2976 -prefMapHandle 3020 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\browser" - {b33093eb-2b54-408f-b8c7-ba3ef3d241bd} 4840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4840.4.1944971740\2013165447" -childID 4 -isForBrowser -prefsHandle 3496 -prefMapHandle 3492 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\browser" - {23c4a23e-403c-43d3-af45-3912c533704d} 4840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4840.5.1683842218\1284700886" -childID 5 -isForBrowser -prefsHandle 3680 -prefMapHandle 3676 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\browser" - {befb0eee-9645-4267-b1b4-a48d3e2afb34} 4840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4840.6.1790162372\1018254491" -childID 6 -isForBrowser -prefsHandle 3584 -prefMapHandle 3708 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\browser" - {7f8a6625-5e0d-4f0a-a6e6-1b704607b6ac} 4840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4840.7.1450922029\674342184" -childID 7 -isForBrowser -prefsHandle 8448 -prefMapHandle 8452 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\browser" - {4aae722e-7744-4b7a-b1b0-62cdcee512b7} 4840 tab

Network

Files

C:\Users\Admin\AppData\Local\Temp\_MEI10122\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

\Users\Admin\AppData\Local\Temp\_MEI10122\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI10122\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI10122\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

\Users\Admin\AppData\Local\Temp\_MEI10122\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI10122\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI10122\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI10122\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI10122\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI10122\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

\Users\Admin\AppData\Local\Temp\_MEI10122\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

\Users\Admin\AppData\Local\Temp\_MEI10122\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI10122\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

\Users\Admin\AppData\Local\Temp\_MEI10122\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

\Users\Admin\AppData\Local\Temp\_MEI10122\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI10122\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI10122\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI10122\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI10122\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI10122\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI10122\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI10122\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmpf18xzat3\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI10122\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/4548-531-0x0000020A91E60000-0x0000020A91E70000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerbU1Tb\prefs.js

MD5 f14330761c9d99b872d9543ece64eac5
SHA1 d0d41f8f441c9cc09cc8959d00ca18ce7db16288
SHA256 f338c668f049d4ccc06e73973a535c28db188b538104c2946aa8d1cd9dcd408b
SHA512 66d7ddb1a640d7505e7a3d175e3de3e569bfd09aa2912c6e2debbca0c8f856311aceececcb920e9c8763715bfcd2d414fa92902ac4e81daace7f5050b5d20fab

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerbU1Tb\prefs-1.js

MD5 4a76aebd75c2e979d98334ee3a6d2047
SHA1 2108cbe11efd11f2326017977bf0266481b8e4a4
SHA256 8471f2025e212c2d6baf791099be39891a7a189069b9374322a1861800666ebc
SHA512 48d0a0ea7e37a7ac523f1b9fc336bee3064769e09a59bec4c54a7e35e6800d05c548ea9b293deb975bf2fc69342ecc10ca5e30112dbb8cce31d0cef371c77518

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 27e6a6bf35274abcb3fb8d176a62556b
SHA1 4ab82b827564e287d35ac972c743766761f852bf
SHA256 16f1ea05e8f14641d6351a92fa6a2196ae26edc5d04b392c12831ffdbaf7712b
SHA512 e360a35ecb702d2a09d1dfddca043a8cfd133caa4816ec96e22a4fc1c8af2c1ceb516abf85b743d787b0c25c8241eb308f8ed1767d88b8ba9faad660e045941c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerbU1Tb\extensions.json

MD5 a3e83ca2a153364ea91dec26cfa4e3ec
SHA1 2e529fadf6980a433c60d2e986a94da21bb99fa5
SHA256 ccba7fde3daa93c576e35479e6fb87adf3b5cbdf18386f030d8faa49466d7024
SHA512 58d163acdcc40cb35ff3898a1e1df573b4a218196f18836276ad703fa20259b242db87aaa95fb4b699db7b06ef04f20218eeefca99d225ca4463b2ff4a16f863

memory/4548-582-0x0000020A8D920000-0x0000020A8DA90000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerbU1Tb\prefs-1.js

MD5 a7926fd2e055851fc40c3bc72b566982
SHA1 8fc0756ba8c5d31f5ce5ef736a076a40b0c90489
SHA256 f49572950cbd4d04c8c5ca22318c7f50af6b19ceec2ac9ba26b8e1ce99066f0e
SHA512 2868ab640c5dd9be882d37e20b29c206e099ee516fa7b6f2280eb51454d544751526b99a1cb69afa00a091d5154ee541813d3fbbe3a5b3821bbd637c79765dfa

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerbU1Tb\prefs-1.js

MD5 fee2cd63b7f2821972849efd9ff695fd
SHA1 ed68f6e391a3e987236c78c6bb66540ab18b9a1b
SHA256 245fdc4c095710f5d62e0065e4dc8dcbb13d1569785aaad3663eadada45685cd
SHA512 cbd5967085a8dd5d560c0cd3f08939e32c051614913863168eec35562133218dded10d839b8a09c6646b05dd99b44792762f230d8b73ce1c4cc3049c1a5be4b4

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 65524576b3237511fa8f4103f80b2848
SHA1 ad1fea6ab7b757147cdc1578f8bdd46739a54dea
SHA256 8bdbcdf5f3d8d68811c22c61ce7cc4994af93e4fdfbffa1e1e05d4a303549ca2
SHA512 4c751816e9a7a08c834a934b00dcd5f79b11dfd13662fdffd8b61da97bcaa0e903eb64511ad82490c17169584f4d0cf56c3bb85477effd5a9b926e8af1eda764

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerbU1Tb\prefs-1.js

MD5 f5ea5d57ce63e5cc79e7ba5cf36dcfd8
SHA1 c9bde1d2bd1496592677c124ebf8bc8d6a433785
SHA256 36aa4de922edefba1f2d393fbb18b3c5f57b95a3d1c00706f7a1f4de9ac04dce
SHA512 ffc985ae1e3254d88fe54c5f8adeb13beae1eef4a6968f18a45581802cc33815422f03e6ce1e80b6c76e93cfaa7cd0eb14a960c31b1dfc243a7aefa7725d3553

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGlcoSu\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGlcoSu\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGlcoSu\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

memory/1484-904-0x00000268C8900000-0x00000268C8910000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGlcoSu\startupCache\webext.sc.lz4

MD5 66957797e13fa3c0bc370f72d6697a1d
SHA1 c004500d1166efc36adb5bc54343ccd959d43e13
SHA256 0b607644c32a891234a7186c37b4a0a04547ccf3c48f532ef2c6b7797d8fbb76
SHA512 f9174ff60150d9c8c852c2b42928fcf7754ac7463085deb94fff658807508fe80683a4d0b067c1d2de5cdebc70b211ba69e7604db1d1789fa6cb561d266d4b01

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGlcoSu\prefs-1.js

MD5 5cf1b04673404c6f71b082df996ef162
SHA1 7f4c3c42fd108bba910c996275bac1e044ead7d1
SHA256 44a51402669d33890a8d6f1a62b89d6f69f6abcc710371d99689255bd2331f74
SHA512 1316f5808a901b720490cbe7bf55d7c643696315cad0d6e44ae4ffffec68535248c04eaed3aef9a4f5e8fafb985cc5797d5d6322c3fdcbe9748fe6b9bf9c3116

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGlcoSu\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGlcoSu\prefs-1.js

MD5 c5fa4b77857d6abd1923f98219d4b26c
SHA1 1c0783c89324120d1d2ef5aba2002910305a374c
SHA256 496750aadc6266369086a04dde9fff1e732d04480190ad3fc004adba87aab0bc
SHA512 25687e1d70d696bd38d0934faf2ca6640c68cc8a663acdbf6817fee17774ffb6685df2ffc6febd0a03a3d4e731e66b950026eeff92b170e0cc87acbab63aa4b6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGlcoSu\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGlcoSu\prefs-1.js

MD5 61ed8f0c9b8c8fc37d4aafdcff24d23c
SHA1 e17d1bb51ba12d9d4c13266c021f45e9b658626a
SHA256 09a1c897271b82adfc127166a7f0eb7dd5906c3f6349b5131bad1505b16d873d
SHA512 d55ebf51f351cf163c5b2cff4158e2e04f3ffac852a730d1115bb4e5c38c36ec4eac99ec8e0d674099b0c0c2296f5d520cea39d16456a4ceb0fd8682a1ae3ab5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGlcoSu\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGlcoSu\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGlcoSu\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGlcoSu\xulstore.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMu5uiC\user.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMu5uiC\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMu5uiC\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMu5uiC\startupCache\scriptCache-child-new.bin

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-09 01:10

Reported

2024-05-09 01:21

Platform

win7-20240508-en

Max time kernel

300s

Max time network

306s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 328 wrote to memory of 1904 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 328 wrote to memory of 1904 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 328 wrote to memory of 1904 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 1904 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1904 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1904 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1904 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1904 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1904 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1592 wrote to memory of 440 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1592 wrote to memory of 440 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1592 wrote to memory of 440 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1904 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\geckodriver.exe
PID 1904 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\geckodriver.exe
PID 1904 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\geckodriver.exe
PID 1632 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1632 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1632 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 2636 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 2636 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 2636 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 2636 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 2636 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 2636 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 2636 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 2636 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 2636 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 2636 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 2636 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 2636 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe
PID 1976 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI3282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI3282\geckodriver.exe --port 49468 --websocket-port 49469

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileB52x3B

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileB52x3B

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1976.0.2126483257\1039774200" -parentBuildID 20240416150000 -prefsHandle 1208 -prefMapHandle 1200 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {1b1472bb-143a-4ac4-a14c-d25ac7111dbf} 1976 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1976.1.533738699\1972505847" -childID 1 -isForBrowser -prefsHandle 1656 -prefMapHandle 1908 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 832 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {948ffd2a-147f-43dc-a4a8-0cfea0ae6774} 1976 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1976.2.958309666\159737797" -childID 2 -isForBrowser -prefsHandle 2224 -prefMapHandle 2300 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 832 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {13e96fa1-13b0-4c65-a8ae-884a882baf57} 1976 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1976.3.532300832\2088254518" -childID 3 -isForBrowser -prefsHandle 2668 -prefMapHandle 2660 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 832 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {6a65f66f-d8bb-491c-999c-810cb322afff} 1976 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1976.4.206327119\673318967" -childID 4 -isForBrowser -prefsHandle 2804 -prefMapHandle 2800 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 832 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {e8c7571f-2e79-4d01-bd9a-89303dd93a12} 1976 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1976.5.431552053\1445265700" -childID 5 -isForBrowser -prefsHandle 2952 -prefMapHandle 2956 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 832 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {50f5dace-f4e2-416d-a2e5-b8073e907b8d} 1976 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1976.6.862806142\340131399" -childID 6 -isForBrowser -prefsHandle 3124 -prefMapHandle 2828 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 832 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {99e91bbc-743d-47e9-b19d-ce35d3004851} 1976 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI3282\geckodriver.exe --port 49468 --websocket-port 49469

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNH1t12

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNH1t12

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2552.0.1544005724\1757996492" -parentBuildID 20240416150000 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {40efe9a9-8855-4d28-b30d-05b157feb326} 2552 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2552.1.1316520537\759350858" -childID 1 -isForBrowser -prefsHandle 1828 -prefMapHandle 1776 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 856 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {55833ca0-43cc-4fb5-a404-f9088b2d0cb6} 2552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2552.2.151057246\1858436526" -childID 2 -isForBrowser -prefsHandle 2244 -prefMapHandle 2240 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 856 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {cf6fd63a-c0d9-4b08-81a7-5b8c4ac76b66} 2552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2552.3.1722821020\283416476" -childID 3 -isForBrowser -prefsHandle 2308 -prefMapHandle 2296 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 856 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {ae96a357-d8e1-465e-8187-6b32e569d946} 2552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2552.4.161612046\1636009652" -childID 4 -isForBrowser -prefsHandle 2732 -prefMapHandle 2728 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 856 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {1990a859-fe3e-4de9-9a99-cf243deee591} 2552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2552.5.1448919802\1119794044" -childID 5 -isForBrowser -prefsHandle 2892 -prefMapHandle 2896 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 856 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {5e00a183-9ef5-420b-8bf8-4de18e1079a6} 2552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2552.6.1211899647\513742247" -childID 6 -isForBrowser -prefsHandle 2940 -prefMapHandle 2944 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 856 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {33fed46a-724c-4e30-ae4f-94393881165f} 2552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI3282\geckodriver.exe --port 49468 --websocket-port 49469

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileALw9PD

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileALw9PD

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="492.0.1008578388\143336756" -parentBuildID 20240416150000 -prefsHandle 1208 -prefMapHandle 1200 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {c5e904c0-9c75-4829-bde0-ded5c2a743bd} 492 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="492.1.143281387\888723675" -childID 1 -isForBrowser -prefsHandle 1536 -prefMapHandle 1532 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 824 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {4e19bc12-fd25-4da8-827a-258fc52ca054} 492 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="492.2.64358834\1652570389" -childID 2 -isForBrowser -prefsHandle 2208 -prefMapHandle 2204 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 824 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {f05ce89f-3b02-4e80-88e5-c39781825870} 492 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="492.3.406290685\1738468242" -childID 3 -isForBrowser -prefsHandle 2348 -prefMapHandle 2352 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 824 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {e9e73422-2c0f-484d-9e5d-9caf2bfc30e4} 492 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="492.4.1159915067\53230265" -childID 4 -isForBrowser -prefsHandle 2544 -prefMapHandle 2556 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 824 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {dd81a26c-c654-46fe-b0d5-53e900dcf8a8} 492 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="492.5.1536682109\40627461" -childID 5 -isForBrowser -prefsHandle 2876 -prefMapHandle 2880 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 824 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {4ea8d872-281f-4051-adfe-b33964cdf4b7} 492 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="492.6.1740025108\1143388121" -childID 6 -isForBrowser -prefsHandle 3048 -prefMapHandle 3052 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 824 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {60a8a96d-467b-4d42-98c0-99e2f93fe3bf} 492 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI3282\geckodriver.exe --port 49468 --websocket-port 49469

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilePaR49m

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilePaR49m

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2448.0.425410798\419479655" -parentBuildID 20240416150000 -prefsHandle 1204 -prefMapHandle 1196 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {0c1be9ae-c0a8-4b35-9caf-989633c5aebc} 2448 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2448.1.1686582024\1326027366" -childID 1 -isForBrowser -prefsHandle 624 -prefMapHandle 604 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 848 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {39f7955d-f521-4c7f-9345-ff2fb66e4bcd} 2448 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2448.2.2056438905\591687785" -childID 2 -isForBrowser -prefsHandle 2236 -prefMapHandle 2180 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 848 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {f0a66a86-b075-45d2-bf4e-7b0a1b9dd57d} 2448 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2448.3.762148531\1212663260" -childID 3 -isForBrowser -prefsHandle 2564 -prefMapHandle 2240 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 848 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {edadd851-4428-45f8-a0a8-de366ac178b7} 2448 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2448.4.865490189\1170493055" -childID 4 -isForBrowser -prefsHandle 2768 -prefMapHandle 1104 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 848 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {f2f614c7-e1f1-48d7-b170-fe5202d34fcd} 2448 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2448.5.1805581957\390000337" -childID 5 -isForBrowser -prefsHandle 2888 -prefMapHandle 2892 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 848 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {8c3ac54c-6942-460a-9202-8a1e511759e5} 2448 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2448.6.1107854109\478250680" -childID 6 -isForBrowser -prefsHandle 3040 -prefMapHandle 3044 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 848 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\browser" - {d0c80396-f154-4f00-8fe3-ab86afe10a6b} 2448 tab

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\_MEI3282\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI3282\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI3282\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI3282\_ctypes.pyd

\Users\Admin\AppData\Local\Temp\_MEI3282\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI3282\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI3282\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI3282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI3282\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI3282\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI3282\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI3282\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI3282\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI3282\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI3282\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI3282\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI3282\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI3282\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI3282\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI3282\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI3282\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI3282\lgpllibs.dll

\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI3282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileB52x3B\extensions.json

MD5 a7be7c2782d5088a0eb834602e305bc7
SHA1 07c28230dbba063866c1a5ac6bb96876127fb9d5
SHA256 79bd34352647ee0d7b6f72eed41d6a08249c6fa68428ac5c7b47afda28255447
SHA512 4d08874add8c7951aa9dc4baf4f7c45f974a74c995186dabf6af59c3255d97249b0e523bd3855c102e8a01dacbeefc92a9cc3ef4d0b76e26876fe4945888fffe

memory/1976-692-0x000000000BCC0000-0x000000000BCD0000-memory.dmp

memory/1976-691-0x000000000BCC0000-0x000000000BCD0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileB52x3B\prefs-1.js

MD5 e2f58b101cdd40ba9fad627ef77a7f4d
SHA1 54ef8615d261b021101d2a9840a4392aa070f2ad
SHA256 5365d53ba45fa2874349a098a0cd33f3d93c2f208c14d1e9d53d9defcfdef8e6
SHA512 326a4be066e9ea6e88fd96aa02bdeafb06d0863949bc3fea1725f5eb81770ab6981702829a763157d18deec7b06208b0d7ed3942eb1ac8ef6ed3e2197853b02e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileB52x3B\prefs-1.js

MD5 8e1b61f211afab6b5fffb35482ca045f
SHA1 e878ea37ec7026e421b0398a5ce9ffaa5b20efd7
SHA256 9d2f611f2e4973be06d8cf295b99236103132c5e3539ac2659c8f0446a86b3bd
SHA512 f118486e88e7fdb793e252927a69c9ff658f82fb91c0114302121ceba963182dff3f0bde166077c5da674ea420b2a5e9b8bf0d7f4dfb90e769457b98edf3a31d

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 8ee34be1840dda52ef38f5681994fcac
SHA1 d8ccd21aa78c22e44eff1ea3d75723ef5662a3e7
SHA256 bddd031ec6b0a2919d69cf081031b3e1e6c8b36194656e6485c60992897899e9
SHA512 dd14b072814da3d9adae35d977bdb9bb165ab292367419a368794376e7e6c2264f104849ca3a384144e938866494b89ec1c645b7c199e577de2c9149b212f056

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNH1t12\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNH1t12\prefs-1.js

MD5 d09c1b1fa9a019d01559afca0d6646d8
SHA1 67398598a5e8cca9d16b8c4cf6617a8658219744
SHA256 18b8a56f702aa85bd4a0f4c4d4d183bb2a6fe98dd57760dda0fb1b630668e9fa
SHA512 e1cb4a028885b126099aa9c5429eb49d45684b0c6e8045005aa3a70aee9e8d95ac9381681bdaf14053d77b67b38520efe9b0dac0fc913338e3ea31dab8614d59

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNH1t12\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNH1t12\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNH1t12\startupCache\webext.sc.lz4

MD5 c4598c87fa80a5c002a15fc8fa252ebf
SHA1 c5d6c9c7ee10b9521371f30681aeb2240597ad9c
SHA256 6a5b630db78d3a5a54e09ef5e4c18b4cdc37a796f768c50c4fcbf647fdc8da43
SHA512 f34b92ad519d6a341ee941d4285f89f8acc0ac92ca392ab2642079d3412cb0aa6d80a053afb4943858ff2b3ac05d2a69b4142b029561fb0a47dc8d3100e5a4e9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNH1t12\prefs.js

MD5 9245610a8c0c3216e55314bc28f0192a
SHA1 0421cc16d25a75f6f11549feb1dda8db43142c7e
SHA256 a9838b091b88608f17cdc37533948e36d62bb5cc046eac41ca1b8ef7c29ef7d7
SHA512 1ad7cd5a923690dbbd77d68c6d06de7d99b5cc1f12a032c63fb1d3036bb993ba7c2087ef3bec719f32783ac554585f4c017d2fd0a38c0e6cb20db999d68b5eb8

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNH1t12\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNH1t12\prefs-1.js

MD5 db69656900ad95b54d60a380da38876b
SHA1 5da7f27d700b42027587edc0a48801115ff16b40
SHA256 a5934afaac04b5c5c68261f684d2c5726d4b676da3dedb3882b716e878e2f4b1
SHA512 9ff9e96f5b94f1c65527e6af5141edcf7d92d546678d1bb8ce4f03183506584d4ff7d553859dcea0f012500ef5ad33cb42ab437702dca0677f58142f39e2eecc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNH1t12\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNH1t12\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNH1t12\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNH1t12\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileALw9PD\user.js

MD5 d502638f337c879c3b2156841aaeef19
SHA1 2ef78f918d94eb412694840cfaf3b176ccc10775
SHA256 93576500513bf8e744c4851ca9027ff353eca43e1ddec812cb7c0845b119fda2
SHA512 b17a1d1938cf103998f5beac70a3a79caa7677234f84f3fd42fe39a620acd11eb7eccd4b7563794d539411c1a7c0951a2f6c87ca1f6dd2a8ab185121e929412c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileALw9PD\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileALw9PD\prefs-1.js

MD5 462ad0a5727f494fd716b7f064880915
SHA1 6c80b87a3f08c1afcf2ee4b230e18647d532159e
SHA256 398cad61812c2615bec78be9cef4f5dda64fe3c7f3a07d2efb5a2652750c7e3a
SHA512 3e81a0068697463e2ecc288b6009d4b8654292d11bbda38957b159fe4662b2d1d4d33db44c5c003f09e9f6716c8e5dd271a150f92d280c7c23b48504a9cf180f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileALw9PD\prefs-1.js

MD5 fffbb74ce558be2db129b64d4016c0c2
SHA1 58fce469f184624b8f3c8f7bfc3ca80644043843
SHA256 6db5929a9d36f196c047623a0d4f7811dded8c2c53f953ba32b6450bbed92fc2
SHA512 7a89e55e83f94f74c77f811d111a34116dcdb67ebe05d69e74a272ae369d09e2dce2eed86f2300379e285cffcdc1027bfb511f473ceab1097fa6faaaca93ab07

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileALw9PD\sessionCheckpoints.json.tmp

MD5 c543c589f3219b3a444ae60b83e2b08e
SHA1 e259a2fced0248129e02dffb6e0f01c4b33783d8
SHA256 65f9611478b292ef0f493dfe7c2443e2d4e32f7f1999ad4fb71bfd5949503d27
SHA512 ff2083db0cc99bfaf0f2e10dea6ba6812e1cf32021d826a222948dd8b207dc592cda88c6ecba499ab50e6bf9eba75b0d53110492445b7babeeaa2b12512b01a1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileALw9PD\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

memory/2448-2050-0x00000000088C0000-0x00000000088D0000-memory.dmp

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-09 01:10

Reported

2024-05-09 01:21

Platform

win10v2004-20240426-en

Max time kernel

298s

Max time network

310s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI36122\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3612 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 5048 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 5048 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 1456 wrote to memory of 220 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 5048 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI36122\geckodriver.exe
PID 4864 wrote to memory of 4872 N/A C:\Users\Admin\AppData\Local\Temp\_MEI36122\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe
PID 4872 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe
PID 1676 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe
PID 1676 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe
PID 1676 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe
PID 1676 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe
PID 1676 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe
PID 1676 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe
PID 1676 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe
PID 1676 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe
PID 1676 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe
PID 1676 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe
PID 1676 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe
PID 1676 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe
PID 1676 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI36122\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI36122\geckodriver.exe --port 58700 --websocket-port 58701

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 58701 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletQgBmk

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 58701 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletQgBmk

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1676.0.550004188\72366634" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\browser" - {58dc0d01-9fca-4d01-a106-fb2eb86c0431} 1676 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1676.1.1125119128\1538354723" -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 3020 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\browser" - {3d52d59d-a991-474f-931d-8a819cee2e89} 1676 tab

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1676.2.1539159493\319866819" -childID 2 -isForBrowser -prefsHandle 3236 -prefMapHandle 3232 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\browser" - {097bb9c2-a389-4c7d-8c06-9f72d54b7d47} 1676 tab

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1676.3.736989894\1503172226" -childID 3 -isForBrowser -prefsHandle 3500 -prefMapHandle 3240 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\browser" - {8eb08c68-262d-4a61-8d91-0837d8c2b013} 1676 tab

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1676.4.641524269\533806551" -childID 4 -isForBrowser -prefsHandle 3876 -prefMapHandle 1528 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\browser" - {a5c1e9be-6a09-4a06-99a4-89773bd7d2ea} 1676 tab

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1676.5.1341665291\1069600610" -childID 5 -isForBrowser -prefsHandle 4028 -prefMapHandle 4032 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\browser" - {d9416f4b-4260-461f-873b-50e5afe0975f} 1676 tab

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1676.6.445515110\1925402498" -childID 6 -isForBrowser -prefsHandle 4220 -prefMapHandle 4224 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\browser" - {d20cfd84-a787-4dd6-bdba-8c1c148098bd} 1676 tab

C:\Users\Admin\AppData\Local\Temp\_MEI36122\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI36122\geckodriver.exe --port 58700 --websocket-port 58701

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 58701 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilen7PY2o

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 58701 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilen7PY2o

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.0.1359248997\444987740" -parentBuildID 20240416150000 -prefsHandle 1668 -prefMapHandle 1660 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\browser" - {30314eae-d427-40c7-984d-c509bcb737bf} 4604 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.1.1124676709\1911671637" -childID 1 -isForBrowser -prefsHandle 2596 -prefMapHandle 2824 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1196 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\browser" - {0fcded9c-b414-48e1-9530-28bd17b191ee} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.2.12103062\1538881527" -childID 2 -isForBrowser -prefsHandle 3176 -prefMapHandle 3172 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1196 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\browser" - {967a39f4-04b1-43fc-a1de-b784fd6819fe} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.3.155404475\1373775392" -childID 3 -isForBrowser -prefsHandle 3352 -prefMapHandle 3276 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1196 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\browser" - {4191b426-b914-4efc-91ad-38d30d6f4d67} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.4.389686847\411333441" -childID 4 -isForBrowser -prefsHandle 3752 -prefMapHandle 2556 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1196 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\browser" - {1652b1d8-6cd5-48fd-b17e-66a5692ffe33} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.5.1881241587\1513348589" -childID 5 -isForBrowser -prefsHandle 3952 -prefMapHandle 3956 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1196 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\browser" - {3089553f-b053-4dad-a4e0-9747cc428afd} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.6.1307416432\99222281" -childID 6 -isForBrowser -prefsHandle 4084 -prefMapHandle 4088 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1196 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\browser" - {aaaacc46-712f-42de-9dbc-0e2e2b9633aa} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.7.1563379941\116528370" -childID 7 -isForBrowser -prefsHandle 4580 -prefMapHandle 4576 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1196 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\browser" - {2b822e6e-732e-4acc-81ab-5817fbb211d3} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.8.1050088433\394839511" -parentBuildID 20240416150000 -prefsHandle 4444 -prefMapHandle 4452 -prefsLen 27719 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\browser" - {2c074cef-b821-4b7b-b28b-1e95add4242c} 4604 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.9.2004010135\531976983" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 2268 -prefMapHandle 4132 -prefsLen 27719 -prefMapSize 245849 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\browser" - {f3b81117-d1e5-4723-a9b0-04c001edc093} 4604 utility

C:\Users\Admin\AppData\Local\Temp\_MEI36122\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI36122\geckodriver.exe --port 58700 --websocket-port 58701

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 58701 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyEgM2z

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 58701 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyEgM2z

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1428.0.1386860031\1898921344" -parentBuildID 20240416150000 -prefsHandle 1668 -prefMapHandle 1660 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\browser" - {f3efdb11-af38-4b3a-b970-8aced8c70dde} 1428 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1428.1.1415861236\153898366" -childID 1 -isForBrowser -prefsHandle 2564 -prefMapHandle 2560 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\browser" - {031d53c8-adb7-4493-8a3a-d845184c23df} 1428 tab

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1428.2.117483472\241468452" -childID 2 -isForBrowser -prefsHandle 3200 -prefMapHandle 3196 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\browser" - {636b1192-11ec-4c65-9a56-8c620ec4fe2b} 1428 tab

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1428.3.415429756\1188820068" -childID 3 -isForBrowser -prefsHandle 3312 -prefMapHandle 3316 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\browser" - {1d7ebf98-d506-45cc-849b-19dfe936ec2c} 1428 tab

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1428.4.1299411597\826931474" -childID 4 -isForBrowser -prefsHandle 3872 -prefMapHandle 3868 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\browser" - {cbf0ef44-9482-4a1b-b5e9-49ca7d44b171} 1428 tab

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1428.5.223805320\926727567" -childID 5 -isForBrowser -prefsHandle 4024 -prefMapHandle 4028 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\browser" - {4a42246d-056e-4296-ba2f-2b85329af51c} 1428 tab

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1428.6.105930789\512958160" -childID 6 -isForBrowser -prefsHandle 4268 -prefMapHandle 4272 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\browser" - {de729152-925a-44a6-bbd1-eb25a23528e7} 1428 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
PL 185.241.208.202:9200 tcp
NL 45.66.35.11:443 tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 202.208.241.185.in-addr.arpa udp
US 8.8.8.8:53 11.35.66.45.in-addr.arpa udp
BE 88.221.83.187:443 www.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 187.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
BE 88.221.83.187:443 www.bing.com tcp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 142.53.16.96.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
N/A 127.0.0.1:58803 tcp
N/A 127.0.0.1:58805 tcp
N/A 127.0.0.1:58700 tcp
N/A 127.0.0.1:58902 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:58910 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
IE 52.111.236.23:443 tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
UA 91.219.30.55:9001 tcp
DE 212.132.79.65:443 tcp
DE 144.76.166.199:9002 tcp
US 8.8.8.8:53 55.30.219.91.in-addr.arpa udp
US 8.8.8.8:53 199.166.76.144.in-addr.arpa udp
US 8.8.8.8:53 65.79.132.212.in-addr.arpa udp
N/A 127.0.0.1:58700 tcp
N/A 127.0.0.1:59248 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:59256 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:58700 tcp
N/A 127.0.0.1:59761 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:59769 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI36122\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI36122\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI36122\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI36122\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI36122\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI36122\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI36122\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI36122\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI36122\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI36122\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI36122\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI36122\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI36122\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI36122\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI36122\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 3b541bf1829dcad039e1872bb22583bd
SHA1 03b8081640e618d52f0ed940df29efdeef20f66e
SHA256 a2a73365614cc789d4f893e425251afd25a7da3c10836a02b958fd1dc4f2d8e3
SHA512 b191800a1e3125e53aa7857a31090c2ae15207fb885e1df7515694ef28ad4157cfd69df2143f2efa9712f3f3405f9978e3b3f95cd257b9b5316711703da503cc

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmpvjqbn4vk\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 549e54a44c7326c30548c998a1d16424
SHA1 d4375f9ead356aff85d60375b08db168195d5089
SHA256 fb2df7a858dbfacbedb5ce100bc71dff2b1e1991b2d574c1d3d46701ceea5433
SHA512 7325a6d2ed8cf43c4665f2cda3f4f9578de7a87cf70178eff7e927bb8b58f0dceff4b4bf6029593ff64fab052718cf2da8228275580071de2d0fb77fcb4bb897

C:\Users\Admin\AppData\Local\Temp\_MEI36122\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI36122\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI36122\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI36122\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI36122\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI36122\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI36122\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\tmpvjqbn4vk\webdriver-py-profilecopy\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\tmpvjqbn4vk\webdriver-py-profilecopy\favicons.sqlite

MD5 dfa3a4ce64626cc3964d930ba7b9fdcf
SHA1 530ba947eb29f5e795c14025e3daab79b433a86e
SHA256 e4ba330d49ad29b868f5716e4d137f2cc141aabae38f598832b616a596183472
SHA512 1ec099138fbbdc0f01c25ee802467a3b994577a353fa995f4dc45182cca9b5703b98faa46da022af077f7dcb51a466775421e6bcac9d655d395a7f411061e0d3

C:\Users\Admin\AppData\Local\Temp\_MEI36122\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/668-483-0x00007FFB72740000-0x00007FFB72741000-memory.dmp

memory/668-482-0x00007FFB71040000-0x00007FFB71041000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletQgBmk\extensions.json

MD5 571fbf867bc667600762e9838a09b6ce
SHA1 da3beee7b3b712956207c97c56c3fe37f79bc67b
SHA256 e0277729c841ca3e38a38d30fa55f24716953df55da27969d3db6e8a6eab1ae0
SHA512 e6ac402231404ba47bde9e58e55480f94e4e2ae8db8bbe13a1c989bdb12ea28e097e6ed9c5c54b1d06151133cd6c21ce482181749bd0fc9dc8eda5550212eac8

memory/1676-550-0x00000234D1F50000-0x00000234D1F60000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletQgBmk\prefs.js

MD5 07cd61eeed772ea78fbd0d329389c4a8
SHA1 b06c9262129173fbe3398a396d7c72fb1f5c8a5e
SHA256 47ad072b60bafa8da8db2d5bc218efb327432855b1bd698d54b3ff08c26e256b
SHA512 94f95ee401a71e8d8273aea8a7a1493eb754772390f2cec41c90631f19cead081eb2a0f2e281c0953a5d9d2b8db5dab341a2a32a6585297abf8d1daa751958d7

memory/1676-589-0x00000234C5820000-0x00000234C5990000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletQgBmk\prefs.js

MD5 ec2d0b011164f1a4b88bfdab8609f0ef
SHA1 a00debc2901ace9b331075a65165964bd10c096c
SHA256 a1aba2019823e68f148b387f12a87bd11fe3886f5a7714e2531927c6a4bb2885
SHA512 186595a1d74f5f43a4f7d5420d49d72ad996391ea43f70188e3bc569b6ff8fb8e0547fdccd1f67f4c70bec29cbec024bdf9669fa7293fd06929712d12aa0b2a9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletQgBmk\prefs-1.js

MD5 cca8d1e352d1b947b5b35e3416f4f869
SHA1 687b194372ae20414eae65b3b6f18ffc1f7abb8f
SHA256 847f8d5826ae8b37cb1496890f4fbefcc2850e987c37faf66a9c7dffd20e4d74
SHA512 c3bd48e0e16d4fa9c88c763ef00bffd15cd4a343987bbdd2bf8742ae5073946aa31121b5db852a0ee9803ee711723c7d6394a041da2bef4c768d55f1b49adc86

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilen7PY2o\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilen7PY2o\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/4604-836-0x000001D359AE0000-0x000001D359AF0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilen7PY2o\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilen7PY2o\prefs.js

MD5 e0610c45e7dffdd24dbec9cd62177739
SHA1 c7d9d06a6f20aa870fe141c23d058ef7ba2c8de7
SHA256 631ab89e02379fcb3e45063af5b998e3fa7856f1a468f8a15ff941a6c394cdef
SHA512 f7aa699b0865c19dc60100f1d7a65eb6460f5cefe019ddcf6210a4975ef52b305ef38f042b90eb0921d18ada2e75ee66a2c0debb899a36d9338b2d7adb23e195

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilen7PY2o\startupCache\webext.sc.lz4

MD5 d119776b9ab8f93a7d7d99f9753c4243
SHA1 1aa96693088f5c5a3f36aaf26b9842ee6a545ae6
SHA256 11bb5561d81ca0088c0b42a1ced11a3892e282d3d06bacd967de30db1ca872bf
SHA512 c051b9f2f03198e9fed437e110afa07eb2cfea59a130b4d8dae8ed1e86f74a01e854946e0b9a2c115c55a72e25d9086c10fd5b0108bc1a58b60f43396c7f62bf

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 4246332cc59ecc59aae8ff76dfcd7ddc
SHA1 cca9085a12744ca433fde48f8c50754a7c407da8
SHA256 98905feb6366030cc462b185985f05b28c4cd5257d8b379dd9b736df01b1c1c0
SHA512 75ab39eb225ba9468bfd5c24a52153d5b85edd60e5e0fb8d76cdcd8b0b5c5192ed9b620135d7c63cd4039d5e2c95fe653f4024084b74d020b476ef4f95aa69ff

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilen7PY2o\prefs.js

MD5 e9b2ca46f497449d49533fc2b6733f5d
SHA1 8a4f09bc651d85e85286cde5a43a7ea1bd7aded8
SHA256 6ea262f1ec85dfbbe793505065a59a1d4f8c3e20c4c9bfc97fa05263efbeb7fb
SHA512 d7d90800c75d602b9d8290782a4c816f73d35472bf865b5c4547604f47861509993a6087119f87ac7d7e2a1abcafe8b14f65e6d45e09151fe20605310aeae15e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilen7PY2o\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilen7PY2o\prefs-1.js

MD5 66cc23a609463af6514e2f3b91a76e63
SHA1 a8ceeb3ae2cc5dd62cd62774f91c5e449e8e8516
SHA256 f6284929c475f5a03c5303668ac505bf177d6c7d07387abfb62ddcc20aa275da
SHA512 68495b2ce7c8cdf89fad097c0a22653e92e8c3d57f47bfadb6b86c7f060a01ddfcddea17c09afc5f91188651a52e14907cf198be284f27d67cd6b6419acf3aa0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilen7PY2o\prefs-1.js

MD5 e9106fcdbd64d854b02d63573822315b
SHA1 698ac6ed9cd274feec3a3db6cbd03ee3f3ded3f2
SHA256 01696e995727be9d7e3b2d97aafdcdee178d7c4c4ce3c5040ee184ec06dec3ba
SHA512 7b58309f8fa6f001e7b6b386cf7ee074bc92c6850403053ffe16810442b2681e6271266676d9a7b1992f3a22e5fb7282a00e38ee694cc519df378588ecfa5091

memory/4604-987-0x000001D353700000-0x000001D353710000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilen7PY2o\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilen7PY2o\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilen7PY2o\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilen7PY2o\sessionCheckpoints.json

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilen7PY2o\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyEgM2z\user.js

MD5 0ee1c750304f1c1ebd9cc26b9c59f544
SHA1 f67302c4dc2fa324f666e3e134fe7d9e0f306db7
SHA256 37fc26d752e1912c95e7855c6ac8d726f7a85f0b6ad59c2b24b75fe0f72b7e5a
SHA512 0fc167186961107ff8c92aa205bc6636e5b23956e1f87fa9f3e5a3fd524716054bcfb26f9dbbd0e2eee8f1c6f368fb17f39826a8355e7b58154c47f3789de263

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyEgM2z\prefs-1.js

MD5 e79c4e338e79d6594a9dd4adb09ff0c0
SHA1 3d9f6b2afcb2ca4c8636d8f4d446a9b42d53251a
SHA256 10c28285c9201ce8058042420776173f6026e41b12eedbf851f785bba8e92e51
SHA512 d8c5f3eb248f6a358f56112b1a6a2940dfc70eae44597d775b45c3e199db0c63df9ab35994e9c2c804e8d71bcad3481fb6dcb4b028e06d265938e36c186af07d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyEgM2z\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyEgM2z\prefs-1.js

MD5 c9ff2829f852af63ce7c2a43071dfe55
SHA1 a2723f78c81bcfcb02b9b309562982126eace5fd
SHA256 d927eca993bae672bd8633370d1aea328f6c80d0bb214036d7e4260e46b9d197
SHA512 de2d8164728045050240fccbec8c1422560df7b79da0b2892be3aebfc023ec4eef126d89c981ff2f671e33f2d625232ce5a5193b748d4b10ee7a0726d07aac52

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyEgM2z\prefs-1.js

MD5 d483563e977b661b0bd9642fa91c6f1c
SHA1 f3406c6742c803743632103b756fffac036e3fa8
SHA256 7fd4cd72457a2d33ae3f025756711d170a5a54cc5ea03bd873f1ed56b6b3a70c
SHA512 406aa89fd16833c9ffef838c9b3bdf05661d55486e48af8d30b89496b0fd50ca804694cceddb80c45b2bcf36e1073e975341bc88bc7a89e34e6594c04a516ab9

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-09 01:10

Reported

2024-05-09 01:21

Platform

win11-20240508-en

Max time kernel

300s

Max time network

307s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15442\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1544 wrote to memory of 4692 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 4692 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 4692 wrote to memory of 3524 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 2864 wrote to memory of 2348 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4692 wrote to memory of 3180 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI15442\geckodriver.exe
PID 3180 wrote to memory of 3960 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15442\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe
PID 3960 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe
PID 1660 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI15442\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI15442\geckodriver.exe --port 50002 --websocket-port 50003

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50003 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiM3vFA

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50003 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiM3vFA

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1660.0.511947107\113839073" -parentBuildID 20240416150000 -prefsHandle 1712 -prefMapHandle 1704 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\browser" - {9d7fef6d-7b19-439b-b369-fe01ffc8724f} 1660 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1660.1.113747104\1579475011" -childID 1 -isForBrowser -prefsHandle 2492 -prefMapHandle 2556 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\browser" - {00e0ad74-f37d-494f-bd80-f4335908f09a} 1660 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1660.2.437887873\301405927" -childID 2 -isForBrowser -prefsHandle 3068 -prefMapHandle 3064 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\browser" - {0271f742-1956-48bf-b9eb-41aff6178096} 1660 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1660.3.728138273\1759131412" -childID 3 -isForBrowser -prefsHandle 3692 -prefMapHandle 3696 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\browser" - {f901f762-95ad-4d15-8f3f-c9d4303f05dc} 1660 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1660.4.664742301\795545614" -childID 4 -isForBrowser -prefsHandle 3416 -prefMapHandle 3412 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\browser" - {b316b473-2bf7-4aba-85b4-c4b7ebaf71e0} 1660 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1660.5.431174133\972726512" -childID 5 -isForBrowser -prefsHandle 3212 -prefMapHandle 2328 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\browser" - {473ff3de-6bb5-4121-b9b4-3796a4696baf} 1660 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1660.6.924904328\1737165512" -childID 6 -isForBrowser -prefsHandle 4144 -prefMapHandle 4148 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\browser" - {5c5534e4-91bf-4a2f-bcd4-16fb0ad820d6} 1660 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1660.7.855598584\925975116" -childID 7 -isForBrowser -prefsHandle 4324 -prefMapHandle 4320 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\browser" - {954f9ac9-15a7-4712-a216-7bf13e48a743} 1660 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15442\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI15442\geckodriver.exe --port 50002 --websocket-port 50003

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50003 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile44qf77

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50003 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile44qf77

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1136.0.632594500\1722790610" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1680 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\browser" - {3e2b6700-31da-493f-b2a2-a2238dd9f814} 1136 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1136.1.1802255604\1745210784" -childID 1 -isForBrowser -prefsHandle 2548 -prefMapHandle 2612 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\browser" - {2df8fa98-62e9-4ee7-945d-724bccbce1e2} 1136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1136.2.164982501\1707997003" -childID 2 -isForBrowser -prefsHandle 3084 -prefMapHandle 3080 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\browser" - {13359a9c-f62c-4ce7-bff6-92f7db63738a} 1136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1136.3.1662986956\1737936721" -childID 3 -isForBrowser -prefsHandle 3548 -prefMapHandle 3552 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\browser" - {5445bbdf-434a-4791-bcdd-3db844c0df0e} 1136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1136.4.368615869\1981593001" -childID 4 -isForBrowser -prefsHandle 3904 -prefMapHandle 3900 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\browser" - {f70bbf42-28bf-40fc-afd3-c9c8844d5a8f} 1136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1136.5.1100238552\1140634638" -childID 5 -isForBrowser -prefsHandle 4000 -prefMapHandle 3996 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\browser" - {2127fd9b-e41c-4407-927e-37694edbf6d7} 1136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1136.6.1160542681\2080541432" -childID 6 -isForBrowser -prefsHandle 4100 -prefMapHandle 4104 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\browser" - {61958ce5-d855-4716-b82b-db01769cb707} 1136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1136.7.1490656359\1958678585" -childID 7 -isForBrowser -prefsHandle 4508 -prefMapHandle 4512 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\browser" - {3b061850-2e43-4734-8afd-9c2248c29d44} 1136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15442\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI15442\geckodriver.exe --port 50002 --websocket-port 50003

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50003 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6szDQM

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50003 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6szDQM

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1996.0.911416597\1148520199" -parentBuildID 20240416150000 -prefsHandle 1668 -prefMapHandle 1660 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\browser" - {f1a67230-fb34-43ee-90e6-cc565d41ebe1} 1996 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1996.1.2039389669\2053870678" -childID 1 -isForBrowser -prefsHandle 2600 -prefMapHandle 2624 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\browser" - {6e4efd0e-1689-4a29-94f8-002cd9926dc3} 1996 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1996.2.76866197\1895370737" -childID 2 -isForBrowser -prefsHandle 3096 -prefMapHandle 3092 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\browser" - {cde4811f-73ab-4975-884e-afcf123d3d0b} 1996 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1996.3.1218312995\1900547501" -childID 3 -isForBrowser -prefsHandle 3784 -prefMapHandle 3788 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\browser" - {7ff69139-ec28-4153-a995-733658b23be1} 1996 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1996.4.1016475079\549774919" -childID 4 -isForBrowser -prefsHandle 3708 -prefMapHandle 3620 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\browser" - {33166078-1660-4b6f-aaa2-09ef9e665c18} 1996 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1996.5.176529995\296974962" -childID 5 -isForBrowser -prefsHandle 3932 -prefMapHandle 3936 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\browser" - {f322e58c-9341-4619-a2f0-1bd0cdc871cb} 1996 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1996.6.1227037168\1155046411" -childID 6 -isForBrowser -prefsHandle 3496 -prefMapHandle 3160 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\browser" - {c5b09cfd-18fc-44ec-80a7-1bb56711171c} 1996 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1996.7.1934946492\1737399766" -childID 7 -isForBrowser -prefsHandle 4412 -prefMapHandle 4416 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\browser" - {59450b61-b7c0-4375-a8d5-e768b955673f} 1996 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1996.8.415377333\1869051705" -childID 8 -isForBrowser -prefsHandle 8592 -prefMapHandle 8584 -prefsLen 25535 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15442\Tor Browser\Browser\browser" - {3bf54ffb-3ad1-4de2-8794-868eaefbcea2} 1996 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15442\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI15442\geckodriver.exe --port 50002 --websocket-port 50003

Network

Files
