Malware Analysis Report

2025-06-15 20:36

Sample ID: 240509-bjg7xsce38
Target: medium.exe
SHA256: 335d7d67678ff4475ee0622beef67a923e4962a034ce7ca97d6b08d9c119a3eb
Tags: evasion, trojan, pyinstaller
Score: 7/10

Analysis Overview

Score: 7/10

SHA256: 335d7d67678ff4475ee0622beef67a923e4962a034ce7ca97d6b08d9c119a3eb

Threat Level: Shows suspicious behavior

The file medium.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

evasion trojan pyinstaller

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Checks whether UAC is enabled

Enumerates physical storage devices

Detects Pyinstaller

Unsigned PE

Suspicious use of WriteProcessMemory

Modifies registry class

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-09 01:12

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-09 01:10

Reported

2024-05-09 01:22

Platform

win10v2004-20240508-en

Max time kernel

285s

Max time network

309s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI1162\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 116 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 2704 wrote to memory of 3840 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 2704 wrote to memory of 4584 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 3840 wrote to memory of 3596 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2704 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI1162\geckodriver.exe
PID 2240 wrote to memory of 3252 N/A C:\Users\Admin\AppData\Local\Temp\_MEI1162\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe
PID 3252 wrote to memory of 4136 N/A C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe
PID 4136 wrote to memory of 4644 N/A C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI1162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI1162\geckodriver.exe --port 51805 --websocket-port 51806

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 51806 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecX4TBb

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 51806 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecX4TBb

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4136.0.1079932559\135578580" -parentBuildID 20240416150000 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\browser" - {0d30ffad-f3ae-44cb-bc23-b704c0d64587} 4136 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4136.1.374385502\1089624613" -childID 1 -isForBrowser -prefsHandle 2548 -prefMapHandle 2564 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\browser" - {4003c2f2-9d41-47ba-b55e-8b28ba2ba79c} 4136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4136.2.1304084446\437304490" -childID 2 -isForBrowser -prefsHandle 3176 -prefMapHandle 3172 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\browser" - {9430b0e9-6049-478a-b759-e68391f62fc8} 4136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4136.3.120764054\1127421450" -childID 3 -isForBrowser -prefsHandle 3212 -prefMapHandle 3344 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\browser" - {e46ae1d5-9be6-430a-873b-51ce8487b59d} 4136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4136.4.92139276\446148738" -childID 4 -isForBrowser -prefsHandle 2592 -prefMapHandle 3652 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\browser" - {1592218c-0056-43e3-98ff-0b32e58667b3} 4136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4136.5.208379815\393566562" -childID 5 -isForBrowser -prefsHandle 3340 -prefMapHandle 3288 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\browser" - {94c93189-dcbf-4fcd-9b22-2c5c0784bf57} 4136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4136.6.1917589043\1192826319" -childID 6 -isForBrowser -prefsHandle 4080 -prefMapHandle 4084 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\browser" - {0709e5f3-ed0a-4c55-a2ef-8f7b8a5aed69} 4136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4136.7.118168498\313144580" -childID 7 -isForBrowser -prefsHandle 4476 -prefMapHandle 4508 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\browser" - {2e289299-659e-49b6-b4d7-a9a5985d06d4} 4136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4136.8.468098891\368090098" -parentBuildID 20240416150000 -prefsHandle 1284 -prefMapHandle 4312 -prefsLen 27675 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\browser" - {c90c34c1-a82f-4f5b-9ab8-47720cbdbdea} 4136 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4136.9.1546569632\1146405807" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 3456 -prefMapHandle 4064 -prefsLen 27675 -prefMapSize 245849 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\browser" - {58675c24-7f64-406f-ab73-eced2b78abf2} 4136 utility

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4136.10.237041873\1851259103" -childID 8 -isForBrowser -prefsHandle 2336 -prefMapHandle 2780 -prefsLen 25535 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\browser" - {f47f9967-4839-40d9-9de6-674bf170af82} 4136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI1162\geckodriver.exe --port 51805 --websocket-port 51806

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 51806 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXhUUzY

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 51806 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXhUUzY

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1748.0.414585489\611577976" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\browser" - {6d98d320-e166-4fbf-a54f-16adc6014f85} 1748 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1748.1.343570568\1559225201" -childID 1 -isForBrowser -prefsHandle 2860 -prefMapHandle 2508 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\browser" - {6b8f76a1-d831-4770-a195-b7ce486f58d6} 1748 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1748.2.686476043\564807424" -childID 2 -isForBrowser -prefsHandle 3200 -prefMapHandle 3168 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\browser" - {61c42348-cb9d-4051-b9ac-f3d42942f642} 1748 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1748.3.1809110582\919464784" -childID 3 -isForBrowser -prefsHandle 3828 -prefMapHandle 3832 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\browser" - {68d0a89b-7edd-4772-a822-0f3b23c23d45} 1748 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1748.4.745449309\215274013" -childID 4 -isForBrowser -prefsHandle 3748 -prefMapHandle 3740 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\browser" - {23278f6e-c5e7-428a-896f-9c4a3e80ab59} 1748 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1748.5.1428803492\2046154636" -childID 5 -isForBrowser -prefsHandle 4092 -prefMapHandle 4032 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\browser" - {23c1dc29-08a4-4f01-a5f6-d980138bb901} 1748 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1748.6.537415644\526868032" -childID 6 -isForBrowser -prefsHandle 4356 -prefMapHandle 4352 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\browser" - {8d7fb28c-3df7-49d5-adc1-6acde631830b} 1748 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1748.7.317472307\849976213" -childID 7 -isForBrowser -prefsHandle 4856 -prefMapHandle 4308 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\browser" - {05332762-7bbd-40c6-a270-235f7fef6242} 1748 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
BE 88.221.83.187:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 187.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
BE 2.17.107.105:443 www.bing.com tcp
DE 91.228.52.73:9001 tcp
N/A 127.0.0.1:51909 tcp
N/A 127.0.0.1:51911 tcp
US 8.8.8.8:53 73.52.228.91.in-addr.arpa udp
N/A 127.0.0.1:51805 tcp
US 8.8.8.8:53 105.107.17.2.in-addr.arpa udp
DE 37.120.168.19:9001 tcp
CH 195.15.242.99:9001 tcp
N/A 127.0.0.1:51805 tcp
US 8.8.8.8:53 19.168.120.37.in-addr.arpa udp
US 8.8.8.8:53 99.242.15.195.in-addr.arpa udp
N/A 127.0.0.1:52015 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:52023 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
N/A 127.0.0.1:52455 tcp
N/A 127.0.0.1:52463 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI1162\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI1162\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI1162\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI1162\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI1162\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI1162\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI1162\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI1162\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI1162\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI1162\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI1162\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI1162\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI1162\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI1162\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI1162\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI1162\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI1162\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI1162\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI1162\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI1162\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI1162\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI1162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmpi8cbx_lj\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Local\Temp\_MEI1162\Tor Browser\Browser\firefox.exe

memory/556-492-0x00007FFE084A0000-0x00007FFE084A1000-memory.dmp

memory/556-493-0x00007FFE08750000-0x00007FFE08751000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecX4TBb\extensions.json

memory/4136-548-0x00000212B6BF0000-0x00000212B6C00000-memory.dmp

memory/4136-584-0x00000212ACA10000-0x00000212ACB80000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecX4TBb\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecX4TBb\prefs-1.js

memory/4136-660-0x00000212B0B10000-0x00000212B0B20000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecX4TBb\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecX4TBb\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXhUUzY\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXhUUzY\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXhUUzY\sessionCheckpoints.json

memory/1748-931-0x000001EBE5890000-0x000001EBE58A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXhUUzY\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXhUUzY\startupCache\webext.sc.lz4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXhUUzY\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXhUUzY\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXhUUzY\broadcast-listeners.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXhUUzY\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXhUUzY\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXhUUzY\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXhUUzY\xulstore.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXhUUzY\prefs-1.js


Analysis: behavioral5

Detonation Overview

Submitted

2024-05-09 01:10

Reported

2024-05-09 01:22

Platform

win11-20240426-en

Max time kernel

296s

Max time network

310s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI26202\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2620 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 2040 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 2040 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 2872 wrote to memory of 2744 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2040 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI26202\geckodriver.exe
PID 4464 wrote to memory of 1224 N/A C:\Users\Admin\AppData\Local\Temp\_MEI26202\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe
PID 1224 wrote to memory of 3236 N/A C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe
PID 3236 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI26202\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI26202\geckodriver.exe --port 50023 --websocket-port 50024

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50024 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileOu8LXY

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50024 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileOu8LXY

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3236.0.1000925832\965605925" -parentBuildID 20240416150000 -prefsHandle 1724 -prefMapHandle 1716 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\browser" - {6133df0f-45ad-4c51-b69d-a7126059f1ad} 3236 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3236.1.2073374115\1562764664" -childID 1 -isForBrowser -prefsHandle 2744 -prefMapHandle 2504 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\browser" - {caf1eb60-0244-4614-94e5-a08c228fa4d6} 3236 tab

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3236.2.1416899147\637043807" -childID 2 -isForBrowser -prefsHandle 3092 -prefMapHandle 3088 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\browser" - {e04b438c-008e-44c7-9955-e1565716ba74} 3236 tab

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3236.3.1464228728\2136970501" -childID 3 -isForBrowser -prefsHandle 3476 -prefMapHandle 3256 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\browser" - {8382f287-1a63-4ffd-8bff-71507f4e3d85} 3236 tab

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3236.4.248535777\1147383773" -childID 4 -isForBrowser -prefsHandle 3752 -prefMapHandle 3716 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\browser" - {53462fc4-016c-4cb0-bb73-f57d754a1ac4} 3236 tab

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3236.5.1824586334\1291014921" -childID 5 -isForBrowser -prefsHandle 3868 -prefMapHandle 3872 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\browser" - {fb7d300b-4e36-4c26-bfb4-88609e5de9ef} 3236 tab

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3236.6.1821028659\571895868" -childID 6 -isForBrowser -prefsHandle 4044 -prefMapHandle 4048 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\browser" - {86e900d0-3d07-487a-8c46-db4f8bb2f1a5} 3236 tab

C:\Users\Admin\AppData\Local\Temp\_MEI26202\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI26202\geckodriver.exe --port 50023 --websocket-port 50024

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50024 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileePqMRT

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50024 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileePqMRT

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe" -contentproc --channel="1052.0.350366980\1479013934" -parentBuildID 20240416150000 -prefsHandle 1716 -prefMapHandle 1692 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\browser" - {3dde353c-afaf-4ec3-8d60-10705309e598} 1052 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe" -contentproc --channel="1052.1.856875789\2071742872" -childID 1 -isForBrowser -prefsHandle 2688 -prefMapHandle 2684 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\browser" - {53c889d1-9a80-4a66-8308-5e39a31b5f05} 1052 tab

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe" -contentproc --channel="1052.2.2071120695\1404455578" -childID 2 -isForBrowser -prefsHandle 3080 -prefMapHandle 3076 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\browser" - {1d0bb194-9a03-4185-b11e-42ffeb22dd8b} 1052 tab

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe" -contentproc --channel="1052.3.536644122\305279576" -childID 3 -isForBrowser -prefsHandle 3696 -prefMapHandle 3816 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\browser" - {74acc070-172f-40b0-953e-75cc3b802bd4} 1052 tab

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe" -contentproc --channel="1052.4.1810648628\47645915" -childID 4 -isForBrowser -prefsHandle 3536 -prefMapHandle 3456 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\browser" - {651b6c67-4c16-4cb8-b132-07f934b75fa5} 1052 tab

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe" -contentproc --channel="1052.5.913160926\1515754252" -childID 5 -isForBrowser -prefsHandle 3920 -prefMapHandle 3916 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\browser" - {9311e4f8-28c8-4e2b-992d-5527a6506db3} 1052 tab

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe" -contentproc --channel="1052.6.857702550\1910377810" -childID 6 -isForBrowser -prefsHandle 4056 -prefMapHandle 4060 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\browser" - {b339b096-e4ea-43bc-be76-16ecd8f410f5} 1052 tab

C:\Users\Admin\AppData\Local\Temp\_MEI26202\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI26202\geckodriver.exe --port 50023 --websocket-port 50024

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50024 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileD8BO3H

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50024 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileD8BO3H

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3504.0.213368784\47330270" -parentBuildID 20240416150000 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\browser" - {8250af0e-9201-4267-baa7-2801f45d8e09} 3504 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3504.1.1416984643\1577291217" -childID 1 -isForBrowser -prefsHandle 2300 -prefMapHandle 932 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\browser" - {3b2760b5-84aa-476d-89c5-89e8e5c6ab24} 3504 tab

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3504.2.1700785325\499075028" -childID 2 -isForBrowser -prefsHandle 3048 -prefMapHandle 3044 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\browser" - {71901be7-d402-4a6b-8b02-a768603d5df7} 3504 tab

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3504.3.473446608\705319005" -childID 3 -isForBrowser -prefsHandle 3756 -prefMapHandle 3760 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\browser" - {c49460e9-5bd9-481d-a1f9-470ef5e758c5} 3504 tab

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3504.4.1155099571\1845246481" -childID 4 -isForBrowser -prefsHandle 3780 -prefMapHandle 3776 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\browser" - {3ba6c2c7-4530-4d8d-981d-c4747b270865} 3504 tab

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3504.5.830580823\1945593195" -childID 5 -isForBrowser -prefsHandle 3948 -prefMapHandle 3944 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\browser" - {9e504f9f-2445-4791-9778-929a40ca51c0} 3504 tab

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3504.6.382594832\1262565348" -childID 6 -isForBrowser -prefsHandle 1548 -prefMapHandle 1544 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\browser" - {139275f8-be2a-4e91-92b9-50307fb6bc4e} 3504 tab

C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3504.7.112991430\567076195" -childID 7 -isForBrowser -prefsHandle 4504 -prefMapHandle 4488 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI26202\Tor Browser\Browser\browser" - {3b0994c1-2907-48ca-b40e-69a3ecf466ad} 3504 tab

Network

Files

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileePqMRT\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileePqMRT\startupCache\webext.sc.lz4

MD5 103eb5616a48b42a7bc7239b34ff269a
SHA1 1417765ef81bcfd8e01aa5e0f79d8a5e2649c89a
SHA256 94300a429ad259593ef32d539a924f8f9cf2bef5917fccf3c48468227cd66e9f
SHA512 180c73693e6659b83efeac8304c54ad81f214f0eba07f886eb7e840f91dbdde72b3ce10109bac38d2b06b7a0972f262e3c9ec77d9de235c7b43fa7846fa17492

memory/1052-899-0x00000196BB730000-0x00000196BB8A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileePqMRT\prefs-1.js

MD5 f881bb912e5a72dfb25010cd27e6909e
SHA1 c9223e77cee800560294d0d6b8179c56802f9ca7
SHA256 a5fb62960cc3a07d48f8af31b5d9ae105bdc1bd75679c9039fa031140e8efd1a
SHA512 b9c9bf9073cca702f9916d49b03f81d2f2f2044ac22f922b21bebbc7de32efda12e681724bd5d20f04790fa057b82c585262d7a2ebb7f1d75fe15d8ef684044f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileePqMRT\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileePqMRT\prefs-1.js

MD5 e680bbfd02c31dbe6d7e4b6f2a490dea
SHA1 c5f4158506a56eb89d5f3eb3df163e555d409122
SHA256 58321c291b6de7d07208140f9d26cbadadcdf17ea1a53ca8a2eb87ab673729fe
SHA512 61a20f8d1233cadf924759e99ec0911d88b2c5c7592309bf000f13fae74e9a61f27fd557fa83212e93e74ce27e8932fc00a9cc127beb0f48418e51e434a9b0ca

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileePqMRT\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileePqMRT\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileePqMRT\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileePqMRT\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileD8BO3H\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

memory/3504-1153-0x000001B5575D0000-0x000001B5575E0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileD8BO3H\prefs.js

MD5 e1f2a513fb0cefb70c5044a32b18ca3e
SHA1 175b5366270137960d9b69628ac6a34acd93339e
SHA256 be0139be06a52a125fc62b232a5e4e1b1f61d02d2dc5343d5dde82b464bf6197
SHA512 8c50e8c749d5e5bea3fa5377673ea54c89d0b7ac711893b72cd9137b6f8e6756d3dffaba37878adf1abd358fe3f04b31b504a5dd9156a8a398e1441d6f6b1828

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileD8BO3H\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileD8BO3H\prefs.js

MD5 5d991b1eb7e47f8b5fcbc99211b49c81
SHA1 2d86ab84881f1100f8f3108c5a07f3b4680b765a
SHA256 c870ede146102da903fcebba9b8fce229aaf597a91e0380f9eb1454d6e645b90
SHA512 55ac45a9dd6d0c7bd8595bd4b95b1af0717a1cfd2aa1f13ef2e270dba8dcd31f3a3c760d3f47597bf0a009362f8f7eb289eeb18ec51df9f2e339e206437c8610

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileD8BO3H\prefs-1.js

MD5 efa45104fa7822e1b2be7c721cdd10fe
SHA1 e49a4f1f36dca1eccd61ff185fd4ba713a70475b
SHA256 192089dbba42ba0c24ba485fd3830c76f240773abe7206c3f789ffea63de118b
SHA512 200b9f91f719dd95ff753900d366bbd05faa423e7069501950cabce09e5c2ac594a950f395fb3c8f6ff8f6c357177d681439e11696a4393cb3dc91abd2479ae3

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 01:10

Reported

2024-05-09 01:22

Platform

win10-20240404-en

Max time kernel

300s

Max time network

311s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41122\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4112 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 2112 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 2112 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 2012 wrote to memory of 4660 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2112 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI41122\geckodriver.exe
PID 2448 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41122\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe
PID 3068 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe
PID 4604 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI41122\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41122\geckodriver.exe --port 50049 --websocket-port 50050

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50050 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile76l4bI

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50050 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile76l4bI

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.0.1553241873\1205690696" -parentBuildID 20240416150000 -prefsHandle 1468 -prefMapHandle 1456 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {ecc4b237-e01d-48ee-8a13-6a4e45c0169f} 4604 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.1.1748074278\1185965873" -childID 1 -isForBrowser -prefsHandle 2536 -prefMapHandle 2532 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {ffe23a04-2e98-491a-88a8-3ca411c80adb} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.2.1483591994\724327886" -childID 2 -isForBrowser -prefsHandle 2948 -prefMapHandle 2944 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {e7206832-3016-455f-8e64-e9f86736c063} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.3.1697326341\943635443" -childID 3 -isForBrowser -prefsHandle 3040 -prefMapHandle 3144 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {879e47a3-ee33-4f25-aef4-d5bfd6777ebb} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.4.990996897\2126367388" -childID 4 -isForBrowser -prefsHandle 3464 -prefMapHandle 3468 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {bd3fde13-3a90-4dbc-8760-c330cee93d33} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.5.732148094\901255277" -childID 5 -isForBrowser -prefsHandle 3436 -prefMapHandle 3452 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {490be492-6954-4e7a-9c9d-c387c5f2ac19} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.6.603610402\1420839081" -childID 6 -isForBrowser -prefsHandle 3836 -prefMapHandle 3840 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {217889b9-269d-4cf8-afef-53a68328e063} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.7.1055354971\1674371406" -childID 7 -isForBrowser -prefsHandle 1172 -prefMapHandle 1164 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {50d350df-93d4-492b-9027-50fbeb70be2c} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.8.1582315734\1749999576" -childID 8 -isForBrowser -prefsHandle 8392 -prefMapHandle 4176 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {0ac8e3a2-dbfe-4aa8-ad11-2c6748f96818} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.9.1496951381\1936994841" -childID 9 -isForBrowser -prefsHandle 2616 -prefMapHandle 2584 -prefsLen 25580 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {4efa4b90-6bf3-442f-8a46-1c714a2b218a} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41122\geckodriver.exe --port 50049 --websocket-port 50050

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50050 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilex5ZJq9

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50050 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilex5ZJq9

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="3680.0.1286079522\2023316065" -parentBuildID 20240416150000 -prefsHandle 1488 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {6feac627-4c6d-46d8-b360-6b444a414409} 3680 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="3680.1.1098750687\1835411837" -childID 1 -isForBrowser -prefsHandle 2384 -prefMapHandle 2400 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1180 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {24be5c39-7723-4d3e-8663-20f3c705a5a1} 3680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="3680.2.976125373\1404282309" -childID 2 -isForBrowser -prefsHandle 2920 -prefMapHandle 2916 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1180 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {5d31da78-a2ad-4fce-ae94-33ed6a76bb97} 3680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="3680.3.701598628\1904035057" -childID 3 -isForBrowser -prefsHandle 2936 -prefMapHandle 3188 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1180 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {4ce6957a-f046-4eda-b780-57b20882a485} 3680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="3680.4.107159377\1049365219" -childID 4 -isForBrowser -prefsHandle 3384 -prefMapHandle 3736 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1180 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {8c539d51-88d7-4766-bd35-044b8d42b8e9} 3680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="3680.5.1745469656\1832783535" -childID 5 -isForBrowser -prefsHandle 3868 -prefMapHandle 3872 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1180 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {296d4844-eabd-4dfa-9954-eb294baa5c8e} 3680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="3680.6.1799427072\4300076" -childID 6 -isForBrowser -prefsHandle 4008 -prefMapHandle 4000 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1180 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {d13ab5b7-66da-4767-b401-2f289cfe75bb} 3680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41122\geckodriver.exe --port 50049 --websocket-port 50050

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50050 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilem0zidy

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50050 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilem0zidy

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1524.0.136392706\2120862411" -parentBuildID 20240416150000 -prefsHandle 1472 -prefMapHandle 1448 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {ba3443c2-a5e6-42c0-9431-db4a38c9aa40} 1524 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1524.1.555179580\127263551" -childID 1 -isForBrowser -prefsHandle 2508 -prefMapHandle 2504 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1172 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {85e7b17d-4c1a-4137-8471-c6c2e4881609} 1524 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1524.2.1173312031\1369397525" -childID 2 -isForBrowser -prefsHandle 2936 -prefMapHandle 2932 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1172 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {936508ed-096f-4455-b718-90eb6e01ad44} 1524 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1524.3.463216520\1682558710" -childID 3 -isForBrowser -prefsHandle 2952 -prefMapHandle 3068 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1172 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {05a62ebd-cd34-4d90-8976-7100d5f9400a} 1524 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1524.4.234164622\1080580583" -childID 4 -isForBrowser -prefsHandle 3372 -prefMapHandle 3368 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1172 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {a16e39fe-5491-48b9-acfb-a36f5f99b08a} 1524 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1524.5.1919073378\313557021" -childID 5 -isForBrowser -prefsHandle 3792 -prefMapHandle 3800 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1172 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {e211b9e6-74be-49b4-9117-07ef1977e91a} 1524 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1524.6.1231617617\1479818802" -childID 6 -isForBrowser -prefsHandle 3940 -prefMapHandle 3944 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1172 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {59502750-2e4e-442b-b04b-f391388c3470} 1524 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="1524.7.1325788783\181417919" -childID 7 -isForBrowser -prefsHandle 4380 -prefMapHandle 4312 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1172 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {bdacc8c1-2700-4720-b1c5-841f7ce3e3e7} 1524 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41122\geckodriver.exe --port 50049 --websocket-port 50050

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50050 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile28s3pE

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50050 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile28s3pE

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4556.0.1354824415\353813123" -parentBuildID 20240416150000 -prefsHandle 1468 -prefMapHandle 1456 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {2ea7e0c3-ab1d-4c94-9fc9-e48cfcc6eb5a} 4556 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4556.1.307209300\209608706" -childID 1 -isForBrowser -prefsHandle 2376 -prefMapHandle 2392 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {2ac47741-538d-42a4-b9ef-3b76bc2f95a0} 4556 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4556.2.1996665800\1342626317" -childID 2 -isForBrowser -prefsHandle 2944 -prefMapHandle 2940 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {737ba3b9-2d40-466d-b0e1-b4e69cf2ae92} 4556 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4556.3.1141764484\1634117933" -childID 3 -isForBrowser -prefsHandle 2956 -prefMapHandle 2952 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {7f8835aa-64ba-442e-8aac-9fa721a469c8} 4556 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4556.4.2101889746\1803865494" -childID 4 -isForBrowser -prefsHandle 3696 -prefMapHandle 3692 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {08864196-a3c4-4319-8927-5fd124a73ee4} 4556 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4556.5.819262656\1026551538" -childID 5 -isForBrowser -prefsHandle 3888 -prefMapHandle 3884 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {8d76101d-2787-4bd7-b9a8-399ea2548135} 4556 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe" -contentproc --channel="4556.6.2005402279\1235665208" -childID 6 -isForBrowser -prefsHandle 3932 -prefMapHandle 3936 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\browser" - {cb648fb0-15bd-4a47-a44a-1545de737d17} 4556 tab

Network


Files

\Users\Admin\AppData\Local\Temp\_MEI41122\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI41122\libffi-7.dll

\Users\Admin\AppData\Local\Temp\_MEI41122\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41122\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41122\_socket.pyd

\Users\Admin\AppData\Local\Temp\_MEI41122\libcrypto-1_1.dll

\Users\Admin\AppData\Local\Temp\_MEI41122\select.pyd

\Users\Admin\AppData\Local\Temp\_MEI41122\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41122\_queue.pyd

\Users\Admin\AppData\Local\Temp\_MEI41122\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

\Users\Admin\AppData\Local\Temp\_MEI41122\unicodedata.pyd

MD5 74f0f14027b885ef241534fa196562c4
SHA1 ce3b7da95afcc5d5a1ba98b3559838fd5c590ad4
SHA256 0699d54b62a6af51ba3066d2234cdd0993888e96e508f6601bbc072c5ed850c5
SHA512 44e53181dbf565f374ffe66f8963d2e48733325df23fd0d4e3d4ecc23a7dcbebc5553a8aba83e918a59263c43a29d2873f252249e43d20525def232fdff0ac18

C:\Users\Admin\AppData\Local\Temp\_MEI41122\geckodriver.exe

MD5 0c5db0eb17c8d3d150f83fe1f6f1cdac
SHA1 c4ec34bd1ddfa10b7f9573bd8b78e2156df072a9
SHA256 12fc60109b5babb7220ae9b1ba044c03362c14571ddbc0cdbf862b9cf099b716
SHA512 5a7312adc507ac1c59ae543d06a943f01214b7e417e9f992beea3a3b782480c8806e42afa96e8eb66ce394a2b6b47052260ed0b509d08e7db0a64f493e85aee7

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 76751f2f03b393fca965628f50b0c8c3
SHA1 a172d5c43e37ca1e00234426cdf751ffaa0f494a
SHA256 5470d18e2c1a49035a23416e6d35e6eacd8f2f8492e40e93bbfbd673aea328db
SHA512 8f451ae2d118eacceb410ecc4779be90c911aff0bb0f0aae5827c1488deab0f77b236f61ac525fef4253c12730c3f2acb4ccf5df411e1c09a947e665ca554bd1

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 cef7e290b89aea3372d2ca019c5ed6a1
SHA1 2def39d23c90ec7099b0ae7fe160b82505dac63b
SHA256 f2c482fe41b468e670ca6b93c3be99e805a8f65ddfa5b24a47266876b6ddfc2a
SHA512 c905b7ce4e3e9c67d8453d225f5f54e224ce151816723f8f44cd3ddd0ce3d9d69e024d00a37d8cb33817f381273e478097eb68121794b7c67666b13da5c60018

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmpwunswjeg\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 99e05b86c897bbc2a33698d443d918c7
SHA1 54b10038ed0559b7e8b9f3d115702e7ddf1662e5
SHA256 1fe298050cf93ccc745b1bef4dc34436f49f35429d5c418b3900d5a1f0d7ec01
SHA512 fa4052a39d0cb28ffe750d2ec42dacec6c0837d72cf9715d74a20083fd2086f61acbbca53b453ba591f357cde536c2688d31b94f6b739a4596b03e30c310b47c

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 d6d135a9343b61f1a5aad517f371c563
SHA1 a3ba848fac58fa914cfd402995227022f17616fb
SHA256 c48f7594ed8e3aa7d1dd4fb60ff2be7103071f66fab6ab3d597bb7c665b67b00
SHA512 69777234e4b885c0102912c4b69159245e66e3ca045a4bf0fa0c1b057d83fd774516326f9090c1dff4e182efdaefef716a595199f48b96057e4a038713ec9b0d

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\tmpwunswjeg\webdriver-py-profilecopy\places.sqlite

MD5 53979ab0bb6af588eafd096e7ddec628
SHA1 6a8efe246b23c243d93d8f020b21cc2d49c81816
SHA256 a0b39a28c4af2db84121332570441aabd2ff293b19e5728424686f0dc87454c7
SHA512 3107d390f3588bdae429d05b7c6a3afc5d037cd7957a1b11a59ce493781a7e140a3df0cb8bd1183e6b762dc7254d0448f36673d448d109440920c8d0c664086c

C:\Users\Admin\AppData\Local\Temp\tmpwunswjeg\webdriver-py-profilecopy\favicons.sqlite

MD5 dfa3a4ce64626cc3964d930ba7b9fdcf
SHA1 530ba947eb29f5e795c14025e3daab79b433a86e
SHA256 e4ba330d49ad29b868f5716e4d137f2cc141aabae38f598832b616a596183472
SHA512 1ec099138fbbdc0f01c25ee802467a3b994577a353fa995f4dc45182cca9b5703b98faa46da022af077f7dcb51a466775421e6bcac9d655d395a7f411061e0d3

C:\Users\Admin\AppData\Local\Temp\tmpwunswjeg\webdriver-py-profilecopy\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI41122\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

C:\Users\Admin\AppData\Local\Temp\_MEI41122\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI41122\top-1m.csv

MD5 a1b691aa0dc8477cca7a6cf2d4887b4d
SHA1 0d605ce30b45def868eb69e69c8502b30aec9579
SHA256 c7635e2e79f25b895692132246a8d18e367f5addc08efb8376bab7ecb4d09924
SHA512 2764402e12385a26187f4715a7cb0593b03a715dd19500a207b2a43bf80c6f42e2ae695b987cc47042d3be4640ed295a6505408fc2ecb3046e53314c11839f7e

C:\Users\Admin\AppData\Local\Temp\_MEI41122\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI41122\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI41122\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI41122\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI41122\libcrypto-1_1.dll

MD5 0941c662082b05ebe62291f286a83e8c
SHA1 07c8641b96a52915ea5d30d5891478556f8d9208
SHA256 5fb7a352f7446297b524902cd1bf9f4e6f2fb60cfb2daa9e3fa0f76ce91f9c27
SHA512 d0dae6006c1d1978f3166ab3663ca14f50f0b3699357ce89cc53cad0ffec81c089355c5980bea7ad527030fdd12a26cc0cb6422a933e207226e77d2730d69da4

C:\Users\Admin\AppData\Local\Temp\_MEI41122\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

\Users\Admin\AppData\Local\Temp\_MEI41122\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

\Users\Admin\AppData\Local\Temp\_MEI41122\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI41122\base_library.zip

MD5 196fc7563beec5caf7c72cfefe27a4c0
SHA1 c3d9ecb19ed275d5e72dd2a2b8e63ae4b1339614
SHA256 ca9d50db79635bc360319cbb7ef3054ebb5824298e72663f38a1389575e839a4
SHA512 f0d6d9eae8fa63bc1922a8092236ab832c5d640d2775f985b13cd661796ee68b0c690146e84e2d54f55b374b38345d7f4c295d403ea6ade60b268d9a56cd139e

\Users\Admin\AppData\Local\Temp\_MEI41122\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI41122\python38.dll

MD5 a5ee4fa71fef11f96e91af34bdbf075b
SHA1 82f5cd96e15ee50f7d5255d657074a4c2f0544d8
SHA256 45667e2c024552ded7a98b97225d8702bd35b29e33bc75f111cc349d0388ad25
SHA512 1ed82ead67ddaf52db407d1bd83e1b5989072e6760034b285b65e1d6a6c8f9cb2734ecd89163cc2edbf6668529d3e30f3ea41641ca5ddb7aac23b8ef57b7083e

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 d262b8dc568b34fa0a37e37335db737a
SHA1 477338dfa2a841eaadcdeadb210ed0e9e419241f
SHA256 b11b2168de48ecb6a5daec15e1d8eebc52fa4597d174d3a55a930466f665b0ed
SHA512 ae2b0b4477d7d61c2ccbc948041e79407a140919da3dae63486e47b30ed9c041519bd3ce3cee62bc3c2ed780650abb8c54002c4197c6611af512f39da8e56f64

memory/4604-549-0x0000024405CE0000-0x0000024405CF0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile76l4bI\extensions.json

MD5 f4e7a8b579f2486727c92fff99013547
SHA1 22d84e0283ee21075cd011c5613d58d7a756bad8
SHA256 f130c868f1f7e174b5238c96c352f56fa11a121a3e92db65dc07a84f55db6149
SHA512 5c4cdef4c5106b9c10719ad77044f0fa87330dedbf4afe6c44d8ebe1024ca1d3cdfde5976b2f0c8d00eefafc4feca0fadd3055d98424fc010f6755547fe45fe0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile76l4bI\prefs.js

MD5 cd1a220d6ae8353cb70c670416792c06
SHA1 cb779facfa02e7ec0136bed0271085e02d8cb185
SHA256 8565ca3ec11702ba3caddd9157839095b717f0af30fc4c8cebb89dcb24574302
SHA512 06ea6640470dd100f9b00750bf1d722aa503f0a1c7892a44146e9c609a887042dcef019d2d4dc0aa68ddd6096ff413e7a5971b968f5a813df4494b503f44c531

memory/4604-586-0x000002447A5A0000-0x000002447A710000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile76l4bI\prefs.js

MD5 eec5fea3fdfa926dbd473846251f02b0
SHA1 d36a8a4c8afd12613bcd4c05d3283384537bb9f5
SHA256 032223602d8a645f317ecec1455730fee4545f7d4dcf01c1f0c9956b5922a173
SHA512 01d971377fcb7ced9452810ccc7afe1dee97f6e7f9e9bd69f118259590a0028791edb1537e355e655923d3cd0aa0bd1d432ed0fcd8e660079e4cac7b7ea41809

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 845ff430790f9328c5fb1e75e69afe77
SHA1 9c0de0de6cfd2b391c52ef458ae937d0da6a9b51
SHA256 d08f2c885f1743825a6bf0556190f0f738977804045225940027a6ed7254ce91
SHA512 cb0dee9c9d2ef2e21a2a25f3a7950872a491a1b5612b6bfa68af04a89077a600fe46e494cdce42b58d9a82d45ff523d82ef646cef08e0abba9f594a4d120e516

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile76l4bI\prefs-1.js

MD5 dd294e28852f82131e727cddf389c57c
SHA1 6b4c1dca7132c87c2bb19706a59b762054192615
SHA256 a724d9a746b468303933e4877f10071eb678d616c0b3e269032a76208fa26036
SHA512 6f179dc7654d0f33ba5109b4dc47054119ed75e013a224258bd6107c3c0cb3971528d688f52203e2bc87e8e00667e99f387fef8957f97b7b760eb6f6b242869d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilex5ZJq9\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilex5ZJq9\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/3680-909-0x0000027D12DC0000-0x0000027D12DD0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilex5ZJq9\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilex5ZJq9\prefs.js

MD5 4bc994c6a28212ace38cc8cbc18cf408
SHA1 8d8dab44015a5e918d0a8a1d4476dbf7c0aa646d
SHA256 f59a6d9d9af62c14bd3e80e0d635ab74ab126e223f9e8eabf63e0d6a6e46b5ad
SHA512 4d94f0e0c7d5a1b5bd9501b566a52809be5516634e54d9489f5f2f226558c2c3bfa5a5c7fbd5f6a61b2a355aaf33a6444facf6434a4837a946306d0571df99e4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilex5ZJq9\startupCache\webext.sc.lz4

MD5 9f4931d6f8bb436d8f5555d336e1d38e
SHA1 e9cea80b283ae5b51251c5034428c78c3581dd14
SHA256 d063eff24d3315216b06ad4fa503f144a3521ad861d607f088025eb9d13b3559
SHA512 4947daedbbb877bbf3a4d5d70f3a9164a94edc3fd49c8c2051680c58e8835e9febf2cbc862601a783a3ab1cebcf626f10724155a8d51201cda7866c29ae51f72

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilex5ZJq9\prefs.js

MD5 3888b3423ba7b079d09776cc2c3d8ef0
SHA1 36fb646aff0eafbe5134241bfe156ce2e06bf071
SHA256 3528f980d2258eacbbd9fcbd32807de9271c40a4b47223f6d32791c722ab0c19
SHA512 1b8228a4cd9547bbb3cc21a953a5feafe2458fdef81be7d4d5027c0d9784cd5fc06955fbf57fd53d11387cf0e9a3e7fdcd8836e609e509bfe397d4e055528aca

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilex5ZJq9\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilex5ZJq9\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilex5ZJq9\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilex5ZJq9\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilex5ZJq9\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilex5ZJq9\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilex5ZJq9\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilem0zidy\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilem0zidy\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilem0zidy\prefs-1.js

MD5 325597de13be98d294e27655be061d81
SHA1 23b75fc4afd5852c36e6240a799132b89d80930f
SHA256 c364e1f47ab0f958194c3ef0803448b089763b88ecd50957633df5064748229b
SHA512 ff472bec99e8570540b2c2d00c93bd91313838179300b79671dfcec855cc11f1b80b594c5803094d3789f28b0257d039af1745ef46fe3b23eec9139230c15724

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilem0zidy\prefs-1.js

MD5 21b710b2ca29ac187f9801e9d960b9a8
SHA1 92ccc30da722b30a84a7502f0dd6ae3dfe4503d7
SHA256 140a51b7004bc7b867f2acbaad0fec5ae2d8cf8d2f9628a6b96757428426cb37
SHA512 656ae852122ca02bf116ca7006523cd936fd1ea728da22dedcdaf8fe7f5f53a32df7a7060b17923ade23b420f87e4b29eeef4b12d718c8bc6a1568fc01f71f30

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile28s3pE\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

memory/4556-1440-0x0000022EF49E0000-0x0000022EF49F0000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 01:10

Reported

2024-05-09 01:22

Platform

win10-20240404-en

Max time kernel

296s

Max time network

311s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13082\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1308 wrote to memory of 4596 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 4596 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 4596 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 5000 wrote to memory of 4336 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4596 wrote to memory of 3600 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI13082\geckodriver.exe
PID 3600 wrote to memory of 4352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13082\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 904 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe
PID 904 wrote to memory of 4568 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI13082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI13082\geckodriver.exe --port 50047 --websocket-port 50048

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileP9oDVs

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileP9oDVs

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="904.0.996561924\857171450" -parentBuildID 20240416150000 -prefsHandle 1504 -prefMapHandle 1480 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {70cc4b40-eb27-49d4-ae5e-d5e99bcb09a7} 904 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="904.1.1900379593\764973958" -childID 1 -isForBrowser -prefsHandle 2492 -prefMapHandle 2508 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {4bb1d24f-3df0-41f6-826e-3a95b19ee8f4} 904 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="904.2.1977108046\1637812477" -childID 2 -isForBrowser -prefsHandle 2944 -prefMapHandle 2940 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {7928d87e-6213-47d4-9d6b-805a96d6aaff} 904 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="904.3.1936234018\60877255" -childID 3 -isForBrowser -prefsHandle 2960 -prefMapHandle 2956 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {fb25a82a-30cd-45ea-becf-21aecf8cbebb} 904 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="904.4.1546343415\702889334" -childID 4 -isForBrowser -prefsHandle 3808 -prefMapHandle 3804 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {f7f5f97b-21a0-4158-955b-6efbee708dae} 904 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="904.5.134187798\8881304" -childID 5 -isForBrowser -prefsHandle 3336 -prefMapHandle 3340 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {31039161-9c82-4720-a200-4ca111cb7b12} 904 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="904.6.1623986973\1398151172" -childID 6 -isForBrowser -prefsHandle 3244 -prefMapHandle 2916 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {c198cc8d-16a8-43d1-8acc-957b99b54233} 904 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI13082\geckodriver.exe --port 50047 --websocket-port 50048

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQybNNn

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQybNNn

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="712.0.589613585\336023676" -parentBuildID 20240416150000 -prefsHandle 1404 -prefMapHandle 1040 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {e91b2ab8-792c-467d-ad58-7897fb0a61b9} 712 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="712.1.317700289\1721182804" -childID 1 -isForBrowser -prefsHandle 2104 -prefMapHandle 2580 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1156 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {ba491c73-b9cf-4ede-a326-3dd799d70b8a} 712 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="712.2.1315961151\1417654211" -childID 2 -isForBrowser -prefsHandle 2952 -prefMapHandle 2948 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1156 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {318bbee8-8a16-4a03-85b9-82277924a7ea} 712 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="712.3.1343044566\354474127" -childID 3 -isForBrowser -prefsHandle 2968 -prefMapHandle 2964 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1156 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {1d5c7bc6-cb46-4a3a-a635-9aaf3dfd9e96} 712 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="712.4.1407129730\939114692" -childID 4 -isForBrowser -prefsHandle 3036 -prefMapHandle 3032 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1156 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {acacce2c-74aa-4c21-8600-0dc63b0d6ec6} 712 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="712.5.1481288016\1863802929" -childID 5 -isForBrowser -prefsHandle 3668 -prefMapHandle 2968 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1156 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {f0503ce2-d04e-405c-a4e2-0891ae60d105} 712 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="712.6.39252080\807967918" -childID 6 -isForBrowser -prefsHandle 3832 -prefMapHandle 3836 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1156 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {bed4e1c1-f4ec-49a0-a013-f96855cd1e35} 712 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="712.7.1128409723\561765864" -childID 7 -isForBrowser -prefsHandle 3892 -prefMapHandle 4136 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1156 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {0d0bef94-ad84-4930-860f-5d0aa9c8d97b} 712 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="712.8.1507187456\1106439582" -parentBuildID 20240416150000 -prefsHandle 4352 -prefMapHandle 4356 -prefsLen 27720 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {3528deb3-5a8a-4b54-ba82-ba366adf5140} 712 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="712.9.811041258\1946313428" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 4412 -prefMapHandle 2032 -prefsLen 27720 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {de168054-c45a-45ca-9320-0ff69fa7439d} 712 utility

C:\Users\Admin\AppData\Local\Temp\_MEI13082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI13082\geckodriver.exe --port 50047 --websocket-port 50048

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexBycUs

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexBycUs

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2532.0.1131277895\1065902402" -parentBuildID 20240416150000 -prefsHandle 1484 -prefMapHandle 1476 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {f3383a94-4573-46d6-89b0-0ea8105cea7a} 2532 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2532.1.177543340\1331773255" -childID 1 -isForBrowser -prefsHandle 2204 -prefMapHandle 868 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {e11134b6-9a3b-4db8-bf93-0184a09fb454} 2532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2532.2.1333004699\537353901" -childID 2 -isForBrowser -prefsHandle 2972 -prefMapHandle 2968 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {ee9226d9-38a7-4802-a860-c26ca537a8eb} 2532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2532.3.985458570\1098947304" -childID 3 -isForBrowser -prefsHandle 3052 -prefMapHandle 3056 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {974b4fc9-c6b4-4ff8-bcc4-931cc15dbd0c} 2532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2532.4.1720807193\567498935" -childID 4 -isForBrowser -prefsHandle 3572 -prefMapHandle 3564 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {1d7d7db9-c1b2-4ff9-aa5b-d62a6dab91ea} 2532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2532.5.1286214762\1356532400" -childID 5 -isForBrowser -prefsHandle 3772 -prefMapHandle 3776 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {7264ae49-df52-4c2b-8acf-5ac96563c28e} 2532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2532.6.2067846906\2093783693" -childID 6 -isForBrowser -prefsHandle 3756 -prefMapHandle 3760 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {910af5ef-5d54-4b76-9fba-eb35f97fc7e2} 2532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI13082\geckodriver.exe --port 50047 --websocket-port 50048

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9odbSo

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9odbSo

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.0.1238262553\1212766778" -parentBuildID 20240416150000 -prefsHandle 1480 -prefMapHandle 1456 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {d141daed-24db-4fc1-aa86-62c33b115f74} 5028 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.1.1633191444\644162271" -childID 1 -isForBrowser -prefsHandle 2420 -prefMapHandle 2416 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {99a4aba8-7311-4c77-bc2c-2f6966e426f9} 5028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.2.339591265\531393187" -childID 2 -isForBrowser -prefsHandle 2828 -prefMapHandle 2832 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {7a4a504a-e079-4d35-8c7b-0878fc1c68db} 5028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.3.896314741\1141411299" -childID 3 -isForBrowser -prefsHandle 3068 -prefMapHandle 3228 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {b182f32a-86a9-4376-9c94-8212530fe105} 5028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.4.1020473465\1005430770" -childID 4 -isForBrowser -prefsHandle 3576 -prefMapHandle 3564 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {356e00bd-058d-4ff9-a129-3a04e5b52f8d} 5028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.5.2110842918\155928382" -childID 5 -isForBrowser -prefsHandle 3732 -prefMapHandle 3736 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {e567bfb7-d691-4e85-85da-80c56b048bb2} 5028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.6.1221857900\266294034" -childID 6 -isForBrowser -prefsHandle 3788 -prefMapHandle 3796 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {11bc9cd2-a674-45fb-8e19-35dd0c2d8cf9} 5028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.7.1602013444\1625557719" -childID 7 -isForBrowser -prefsHandle 4392 -prefMapHandle 4180 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {99d72519-2245-48c4-8423-5727550880e4} 5028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.8.882009963\1807497270" -childID 8 -isForBrowser -prefsHandle 4216 -prefMapHandle 4200 -prefsLen 25332 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\browser" - {d01c8e86-f2e9-445e-af32-6405d010a887} 5028 tab

Network


Files

C:\Users\Admin\AppData\Local\Temp\_MEI13082\python38.dll


\Users\Admin\AppData\Local\Temp\_MEI13082\python38.dll


C:\Users\Admin\AppData\Local\Temp\_MEI13082\base_library.zip


\Users\Admin\AppData\Local\Temp\_MEI13082\VCRUNTIME140.dll


\Users\Admin\AppData\Local\Temp\_MEI13082\libffi-7.dll


\Users\Admin\AppData\Local\Temp\_MEI13082\_ctypes.pyd


\Users\Admin\AppData\Local\Temp\_MEI13082\_bz2.pyd


\Users\Admin\AppData\Local\Temp\_MEI13082\_lzma.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI13082\_ssl.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI13082\_socket.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI13082\_queue.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI13082\unicodedata.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI13082\top-1m.csv


\Users\Admin\AppData\Local\Temp\_MEI13082\_hashlib.pyd


\Users\Admin\AppData\Local\Temp\_MEI13082\libcrypto-1_1.dll


\Users\Admin\AppData\Local\Temp\_MEI13082\select.pyd


\Users\Admin\AppData\Local\Temp\_MEI13082\libssl-1_1.dll


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Tor\tor.exe


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI13082\geckodriver.exe


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4


C:\Users\Admin\AppData\Local\Temp\tmp9rv_c53w\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI13082\pyexpat.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI13082\nss3.dll


C:\Users\Admin\AppData\Local\Temp\_MEI13082\mozglue.dll


C:\Users\Admin\AppData\Local\Temp\_MEI13082\mozavutil.dll


C:\Users\Admin\AppData\Local\Temp\_MEI13082\libcrypto-1_1.dll


C:\Users\Admin\AppData\Local\Temp\_MEI13082\Tor Browser\Browser\firefox.exe


C:\Users\Admin\AppData\Local\Temp\_MEI13082\lgpllibs.dll


C:\Users\Admin\AppData\Local\Temp\_MEI13082\geckodriver.exe


C:\Users\Admin\AppData\Local\Temp\rust_mozprofileP9oDVs\extensions.json


C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp


memory/904-578-0x00000230F0300000-0x00000230F0470000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileP9oDVs\prefs-1.js


C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new


C:\Users\Admin\AppData\Local\Temp\rust_mozprofileP9oDVs\prefs-1.js


C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQybNNn\sessionCheckpoints.json


C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQybNNn\sessionCheckpoints.json


memory/712-807-0x0000028E29CB0000-0x0000028E29CC0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQybNNn\prefs.js

MD5 29a91e33c238cbd4d7c0dec953754d84
SHA1 142e830f9d02f8b1205c16615f0aa77ee034abff
SHA256 76a50698a226d1925a43faac18266e13491d660e2ee34c65cb6787837debbff1
SHA512 69d748e8f75fd2c75a55a3220074ac27bde21c846c066adc67ab2271ed004ed11e203d43987433d1a8da52519f78bdc617f5cc1c7107ca85a5e9d089215968e4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQybNNn\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQybNNn\startupCache\webext.sc.lz4

MD5 1b799cc5b6cf681cfa54d37c8ce8cb06
SHA1 2f0fae44eb2fe74542df923e37f0c7e23a74fd17
SHA256 ce654b3257aec215ee980682aa6a48628dac50252a09301efe8686ff3f406a03
SHA512 10263e878623c9375095f150a83e5fe42fb5feccea139e107d37b2337f0c68c4f8a47952247d7e8517876a12dcd696202b8ecdf115577c0e416a489a280451d3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQybNNn\prefs.js

MD5 dad5a473b15669d24ede89127324d7b5
SHA1 708aa461072d2003a948411ae85b3992e9a2935f
SHA256 99e44fc43a3ecdddee455927aa2d62425140df1fbc230d2c3050cfff7bad99ec
SHA512 8ed003ef62fb94f931859522829af9d1c4fff3ee2f5bc8c5a78342d1e15d3df7625892f3700aa3b68498fe93b29e525b526941b34368ad6c7f58067970e2567f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQybNNn\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQybNNn\prefs-1.js

MD5 f70536f34551af473a3750d296d3afb1
SHA1 b79eb9d630e86219255b1d9874554f30fdefeb52
SHA256 7342bbb0c9b94b2105d569399e295e1e00fd0703620aa084db6caf42815a86f5
SHA512 f791dbacfbae67aa3ea2610f2688bff866ae2c986420c346067b2c64ec33beaa8527f80cc1dbde53a72aaa3c4f8c693d7dea2a09d4467b4644ed7f23f6c1d898

memory/712-911-0x0000028E2A9E0000-0x0000028E2A9F0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQybNNn\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQybNNn\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQybNNn\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQybNNn\datareporting\glean\db\data.safe.tmp

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQybNNn\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexBycUs\user.js

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexBycUs\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexBycUs\prefs.js

MD5 be98b9c86003748f04e77ddcfb3666d4
SHA1 95297aa574f3268ddaa6e8bbfdca990c50551fbc
SHA256 9977c02fe9da14ff3558ba8661d0a0efeb534c06541eabdcb6c8aa7cfa280082
SHA512 a2bfa2b5529074a1c289c58b38b7bc39738a61ed32c00aa8dd74af7d9f82770a4c3154e94cd316915ce539022807bab06134375ab0d1a42f3f14475e63a3feb3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexBycUs\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9odbSo\prefs-1.js

MD5 22c2cd44dfb9af8906557b3eac931b96
SHA1 cb5e2b2497cc460105152a2904178e5293cfbe0c
SHA256 2ee3925725b971d5d780529d5e91f9b2f221b6cb16712e749073c58a05b85a85
SHA512 5713e69cc1dae8ab1d9638801ffe72bc153b060566d5958e4e4c94b1f0fc293e407483734724dfa4e536965df905dcd417fa90eb8e7ec4f6b67ff1c444837ea4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9odbSo\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9odbSo\prefs-1.js

MD5 ddb4685516eb802126b6243de270fe2d
SHA1 7b7e96e2941e83a8f7ea33a35e5cafe14a513161
SHA256 37a11b40ea72f431f3fba9b09ca0a4ad0c7a5465544d668f9ad500d6b9a875d4
SHA512 83555c57217d5b2c5bba572984c6692a9229de21082ee29610687df579cc7006be63cc828a84f07e0cfb308484a3c5ce199a4815da19b0c6127eeca256631bb1

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-09 01:10

Reported

2024-05-09 01:22

Platform

win7-20240220-en

Max time kernel

299s

Max time network

304s

Command Line

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21842\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\medium.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21842\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2184 wrote to memory of 600 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\medium.exe
PID 600 wrote to memory of 704 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 600 wrote to memory of 448 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Windows\system32\cmd.exe
PID 704 wrote to memory of 1128 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 600 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\medium.exe C:\Users\Admin\AppData\Local\Temp\_MEI21842\geckodriver.exe
PID 2984 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21842\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe
PID 1352 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe
PID 2044 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Users\Admin\AppData\Local\Temp\medium.exe

"C:\Users\Admin\AppData\Local\Temp\medium.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI21842\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21842\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNcuf0Q

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNcuf0Q

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" -contentproc --channel="2044.0.166811814\127202724" -parentBuildID 20240416150000 -prefsHandle 1208 -prefMapHandle 1200 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\browser" - {c7755828-27bb-493c-9d69-42ed28a1af93} 2044 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" -contentproc --channel="2044.1.2088336816\1707304209" -childID 1 -isForBrowser -prefsHandle 1620 -prefMapHandle 2148 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\browser" - {c3272cdb-9f22-46af-a517-0c36b10093a0} 2044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" -contentproc --channel="2044.2.1884993722\1455157722" -childID 2 -isForBrowser -prefsHandle 2192 -prefMapHandle 2036 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\browser" - {a1e5174e-1632-46dd-8770-c41ac80a3f0f} 2044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" -contentproc --channel="2044.3.1274118192\1959367607" -childID 3 -isForBrowser -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\browser" - {7ba8cf68-36d1-4c21-bfa3-4dd46b0a191c} 2044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" -contentproc --channel="2044.4.1485042388\474554445" -childID 4 -isForBrowser -prefsHandle 1076 -prefMapHandle 1072 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\browser" - {eca675a9-473f-4195-8065-67c8964190ae} 2044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" -contentproc --channel="2044.5.1674057547\1509639356" -childID 5 -isForBrowser -prefsHandle 2956 -prefMapHandle 2960 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\browser" - {afbd528d-6a95-4d7f-b4af-d0829fa68689} 2044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" -contentproc --channel="2044.6.1706986716\770434631" -childID 6 -isForBrowser -prefsHandle 3016 -prefMapHandle 3024 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\browser" - {1e21a3ff-ed9b-4cb6-84cb-952f565b006f} 2044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" -contentproc --channel="2044.7.1556724275\149819566" -childID 7 -isForBrowser -prefsHandle 3504 -prefMapHandle 3500 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\browser" - {61e533c5-06ad-4cfb-82d3-ca4989851beb} 2044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21842\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21842\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepzCyNY

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepzCyNY

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" -contentproc --channel="376.0.1162024921\240353172" -parentBuildID 20240416150000 -prefsHandle 1244 -prefMapHandle 1224 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\browser" - {c865ce05-84f6-4352-b0f5-bd6fc85568f0} 376 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" -contentproc --channel="376.1.1265723164\1485327929" -childID 1 -isForBrowser -prefsHandle 904 -prefMapHandle 2052 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\browser" - {43e77ca2-181a-4585-9fd9-9f770ec08936} 376 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" -contentproc --channel="376.2.1668382633\2096510123" -childID 2 -isForBrowser -prefsHandle 2232 -prefMapHandle 2464 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\browser" - {45581315-156f-47a5-a434-d0a873976724} 376 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" -contentproc --channel="376.3.234065411\1068989682" -childID 3 -isForBrowser -prefsHandle 2640 -prefMapHandle 2628 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\browser" - {979b89df-0e65-4a26-8cd9-9d2b045cc5f6} 376 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" -contentproc --channel="376.4.1475818428\475860260" -childID 4 -isForBrowser -prefsHandle 2668 -prefMapHandle 2684 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\browser" - {5306489d-9874-4fea-a50c-655ec6c255a7} 376 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" -contentproc --channel="376.5.2081769167\769591959" -childID 5 -isForBrowser -prefsHandle 2952 -prefMapHandle 2956 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\browser" - {cf3c31d4-6a26-4e31-ab9e-7ba98e8b895b} 376 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" -contentproc --channel="376.6.1311528034\1227572237" -childID 6 -isForBrowser -prefsHandle 3116 -prefMapHandle 3120 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\browser" - {a98bbdff-cbe5-42cf-bb53-9971fc638313} 376 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" -contentproc --channel="376.7.389512845\1314234827" -childID 7 -isForBrowser -prefsHandle 2668 -prefMapHandle 2332 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\browser" - {88558ec4-9095-4da8-9662-e22487ad5e16} 376 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21842\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21842\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilez9MS5L

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilez9MS5L

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" -contentproc --channel="2708.0.1748914647\843994400" -parentBuildID 20240416150000 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\browser" - {e6d9a7c0-a68f-4f8b-b016-5003856e1a0d} 2708 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" -contentproc --channel="2708.1.2056131845\2082821192" -childID 1 -isForBrowser -prefsHandle 2248 -prefMapHandle 2256 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 780 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\browser" - {9d4d4d46-00e3-4af6-a9fa-c21dbc546c2b} 2708 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" -contentproc --channel="2708.2.1124745514\382065406" -childID 2 -isForBrowser -prefsHandle 2476 -prefMapHandle 2472 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 780 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\browser" - {4c7bb1fb-8aa9-4925-949b-316d8d32797b} 2708 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" -contentproc --channel="2708.3.1919092817\1785588189" -childID 3 -isForBrowser -prefsHandle 2492 -prefMapHandle 2644 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 780 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\browser" - {e1719db5-53e0-4bfa-bd43-6eaadd3169f2} 2708 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" -contentproc --channel="2708.4.1895986614\613985453" -childID 4 -isForBrowser -prefsHandle 2384 -prefMapHandle 2084 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 780 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\browser" - {de653238-c8b5-4507-9cc8-cb4755f08cc0} 2708 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" -contentproc --channel="2708.5.413409509\362556491" -childID 5 -isForBrowser -prefsHandle 2952 -prefMapHandle 2956 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 780 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\browser" - {2ed0603d-66ad-48ae-a50c-5ccc13a28ae5} 2708 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" -contentproc --channel="2708.6.1655186877\463971125" -childID 6 -isForBrowser -prefsHandle 3108 -prefMapHandle 3112 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 780 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\browser" - {dca2ed52-e07a-4f46-aa2f-1f27aafdeca2} 2708 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\firefox.exe" -contentproc --channel="2708.7.1206897381\402463810" -childID 7 -isForBrowser -prefsHandle 3448 -prefMapHandle 3196 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 780 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\browser" - {b8012d81-cb3d-4308-884b-77fac4f07c1f} 2708 tab

Network


Files

C:\Users\Admin\AppData\Local\Temp\_MEI21842\python38.dll

\Users\Admin\AppData\Local\Temp\_MEI21842\VCRUNTIME140.dll

\Users\Admin\AppData\Local\Temp\_MEI21842\python38.dll

\Users\Admin\AppData\Local\Temp\_MEI21842\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21842\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21842\_socket.pyd

\Users\Admin\AppData\Local\Temp\_MEI21842\libcrypto-1_1.dll

\Users\Admin\AppData\Local\Temp\_MEI21842\select.pyd

\Users\Admin\AppData\Local\Temp\_MEI21842\libssl-1_1.dll

\Users\Admin\AppData\Local\Temp\_MEI21842\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

\Users\Admin\AppData\Local\Temp\_MEI21842\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmpf5t3y77y\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Tor\tor.exe

\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Tor\tor.exe

\Users\Admin\AppData\Local\Temp\_MEI21842\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\tmpf5t3y77y\webdriver-py-profilecopy\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\tmpf5t3y77y\webdriver-py-profilecopy\places.sqlite

\Users\Admin\AppData\Local\Temp\_MEI21842\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21842\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21842\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI21842\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21842\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21842\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21842\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21842\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21842\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21842\geckodriver.exe

\Users\Admin\AppData\Local\Temp\_MEI21842\_lzma.pyd

\Users\Admin\AppData\Local\Temp\_MEI21842\_bz2.pyd

\Users\Admin\AppData\Local\Temp\_MEI21842\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21842\base_library.zip

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNcuf0Q\extensions.json

memory/2044-694-0x0000000004220000-0x0000000004230000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNcuf0Q\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNcuf0Q\prefs-1.js

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepzCyNY\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepzCyNY\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepzCyNY\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepzCyNY\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepzCyNY\startupCache\webext.sc.lz4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepzCyNY\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepzCyNY\broadcast-listeners.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepzCyNY\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepzCyNY\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepzCyNY\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepzCyNY\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepzCyNY\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilepzCyNY\xulstore.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilez9MS5L\user.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilez9MS5L\startupCache\scriptCache-child-new.bin

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilez9MS5L\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilez9MS5L\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilez9MS5L\prefs-1.js
