Malware Analysis Report

2025-06-15 20:35

Sample ID 240509-bc51eaca26
Target heavy.exe
SHA256 88093c75834d60df3b4b6f4df642bb28dc749f4bd562f587fa8f9e30e97d3c5c
Tags pyinstaller evasion trojan
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

88093c75834d60df3b4b6f4df642bb28dc749f4bd562f587fa8f9e30e97d3c5c

Threat Level: Shows suspicious behavior

The file heavy.exe shows suspicious behavior.

Malicious Activity Summary

pyinstaller evasion trojan

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks whether UAC is enabled

Unsigned PE

Detects Pyinstaller

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-09 01:02

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 01:00

Reported

2024-05-09 01:08

Platform

win10v2004-20240426-en

Max time kernel

300s

Max time network

307s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1592 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 1592 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 5048 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 5048 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 5048 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe
PID 5048 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe
PID 2580 wrote to memory of 1980 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2580 wrote to memory of 1980 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 5048 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\geckodriver.exe
PID 5048 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\geckodriver.exe
PID 1472 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe
PID 1472 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe
PID 4576 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe
PID 4576 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe
PID 4576 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe
PID 4576 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe
PID 4576 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe
PID 4576 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe
PID 4576 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe
PID 4576 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe
PID 4576 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe
PID 4576 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe
PID 4576 wrote to memory of 1892 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe
PID 1892 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe
PID 1892 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe
PID 1892 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe
PID 1892 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe
PID 1892 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe
PID 1892 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe
PID 1892 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe
PID 1892 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe
PID 1892 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe
PID 1892 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI15922\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI15922\geckodriver.exe --port 54856 --websocket-port 54857

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 54857 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexCudij

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 54857 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexCudij

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="1892.0.1413982470\2110389343" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {7ebbf55c-74ed-4d2e-af8e-42fa4f807938} 1892 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="1892.1.34412744\1361654699" -childID 1 -isForBrowser -prefsHandle 2736 -prefMapHandle 2732 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {8e5ecf4b-5c1d-427f-9db4-8127793963c5} 1892 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="1892.2.1889655195\1614385163" -childID 2 -isForBrowser -prefsHandle 3372 -prefMapHandle 3368 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {73ae5a0c-2632-4fe5-ab21-ec35acfb2b15} 1892 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="1892.3.354863310\636242178" -childID 3 -isForBrowser -prefsHandle 3856 -prefMapHandle 3860 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {ff4538eb-c956-4f4d-8c92-e2ce4c589682} 1892 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="1892.4.691921241\1291040221" -childID 4 -isForBrowser -prefsHandle 3900 -prefMapHandle 3856 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {5ffb8f50-5883-4589-9286-e596989edc99} 1892 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="1892.5.560305923\1760600937" -childID 5 -isForBrowser -prefsHandle 4108 -prefMapHandle 4112 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {a75a63fa-f69c-4045-9070-162e3bf50359} 1892 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="1892.6.847612819\68378504" -childID 6 -isForBrowser -prefsHandle 4304 -prefMapHandle 4308 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {78422a23-6b0b-416b-b4bd-1b618ea7bd18} 1892 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI15922\geckodriver.exe --port 54856 --websocket-port 54857

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 54857 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiAZHoW

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 54857 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiAZHoW

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="3272.0.1612612082\880978739" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {97babe82-3bf8-42b8-adbc-25d4f0011908} 3272 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="3272.1.446297785\946201100" -childID 1 -isForBrowser -prefsHandle 2652 -prefMapHandle 2492 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {69a0d94f-49c2-421c-a436-ac617896d5bd} 3272 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="3272.2.2116276847\459063984" -childID 2 -isForBrowser -prefsHandle 3204 -prefMapHandle 3200 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {c652275e-6e0b-44fb-984f-b5bca3f59fdd} 3272 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="3272.3.1926701208\1848394444" -childID 3 -isForBrowser -prefsHandle 3716 -prefMapHandle 3724 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {aec39eb9-eee8-4073-ae2d-eecc9a588fcb} 3272 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="3272.4.1079941458\1930862444" -childID 4 -isForBrowser -prefsHandle 3900 -prefMapHandle 3896 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {61cfad69-974e-4854-9138-62104701add9} 3272 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="3272.5.638255358\1450621186" -childID 5 -isForBrowser -prefsHandle 4032 -prefMapHandle 4036 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {953c13ae-78f4-4c32-8b5b-aadcd911de21} 3272 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="3272.6.51627310\1332564114" -childID 6 -isForBrowser -prefsHandle 4224 -prefMapHandle 4228 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {da100222-9609-4b19-83ed-93a8fa28c605} 3272 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="3272.7.650435238\1286574650" -childID 7 -isForBrowser -prefsHandle 4072 -prefMapHandle 4068 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {28f0de73-a782-4e3e-ac1e-7382fa3cf8e5} 3272 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="3272.8.1759484837\346701783" -childID 8 -isForBrowser -prefsHandle 4472 -prefMapHandle 3912 -prefsLen 25287 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {422189b7-a9e6-4fe9-b02a-077b2cb56aad} 3272 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI15922\geckodriver.exe --port 54856 --websocket-port 54857

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 54857 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNfHkjC

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 54857 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNfHkjC

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="2196.0.979405917\462622104" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {ac1b1a39-843b-4dbe-9093-7985c2fc4175} 2196 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="2196.1.2120364762\137814653" -childID 1 -isForBrowser -prefsHandle 2660 -prefMapHandle 2656 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {fee3975f-7739-447c-ae81-1a27bca980ff} 2196 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="2196.2.1262471073\2030029656" -childID 2 -isForBrowser -prefsHandle 3192 -prefMapHandle 3188 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {c391b204-d7aa-48e5-9d53-2609c20f7cec} 2196 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="2196.3.828143063\980077508" -childID 3 -isForBrowser -prefsHandle 3900 -prefMapHandle 3188 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {c9cbde1d-9875-4e95-b58a-7ca6ac85339c} 2196 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="2196.4.106138671\1915620729" -childID 4 -isForBrowser -prefsHandle 3476 -prefMapHandle 3492 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {78212bb8-6e67-4eff-8202-aedac522813f} 2196 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="2196.5.543258031\889018243" -childID 5 -isForBrowser -prefsHandle 4032 -prefMapHandle 4036 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {bd3d5326-d941-424c-a3b5-1d02cf2c92a9} 2196 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="2196.6.550480971\1662823294" -childID 6 -isForBrowser -prefsHandle 4248 -prefMapHandle 4252 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {b03d5333-4e82-4b4d-9fdb-98218284c492} 2196 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="2196.7.1828876236\114040082" -childID 7 -isForBrowser -prefsHandle 4616 -prefMapHandle 4612 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {fa1b4530-b3ec-4348-ad69-6664a3066abc} 2196 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI15922\geckodriver.exe --port 54856 --websocket-port 54857

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 54857 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1HHnMY

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 54857 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1HHnMY

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="2092.0.321589609\1728404786" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {0f9892fb-b586-4a22-90aa-133120c1529e} 2092 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="2092.1.657699142\990002270" -childID 1 -isForBrowser -prefsHandle 2364 -prefMapHandle 2576 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {d2b20247-71be-466e-8b8d-7e03b0b72a3c} 2092 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="2092.2.683323167\1906492389" -childID 2 -isForBrowser -prefsHandle 3184 -prefMapHandle 3180 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {e841ce0e-e24e-4600-8035-80a5a86983bb} 2092 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="2092.3.823332319\571459537" -childID 3 -isForBrowser -prefsHandle 3696 -prefMapHandle 3700 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {7a17b637-5a0c-4b98-ace1-6ca21dc8bc24} 2092 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="2092.4.2139267419\1799471983" -childID 4 -isForBrowser -prefsHandle 3696 -prefMapHandle 3700 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {fc1d5d75-bc34-417a-820b-f4066ebc526f} 2092 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="2092.5.1726202105\624793150" -childID 5 -isForBrowser -prefsHandle 4036 -prefMapHandle 4040 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {c85a2ee7-6083-458e-b89d-0f27690aa39a} 2092 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="2092.6.642696858\1117198021" -childID 6 -isForBrowser -prefsHandle 4256 -prefMapHandle 4260 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {903eda60-d524-4c1a-8fc7-dc1c0a16a67f} 2092 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="2092.7.582979174\15791816" -childID 7 -isForBrowser -prefsHandle 4576 -prefMapHandle 4580 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {0a82b09a-ce43-49e1-9d88-90b90902b929} 2092 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI15922\geckodriver.exe --port 54856 --websocket-port 54857

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 54857 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemxN1Px

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 54857 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemxN1Px

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="3976.0.1070727476\1145349478" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {ec586021-ac80-49cd-a6e0-0fab699c55f7} 3976 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="3976.1.143444977\1930545350" -childID 1 -isForBrowser -prefsHandle 2456 -prefMapHandle 2688 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {daf526be-585e-42ab-993d-cdb838377548} 3976 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="3976.2.181150733\1755301370" -childID 2 -isForBrowser -prefsHandle 3188 -prefMapHandle 3184 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {87e77e53-3bbb-4e26-bd83-a54b1e7e05d4} 3976 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="3976.3.42754431\1200207920" -childID 3 -isForBrowser -prefsHandle 3336 -prefMapHandle 3768 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {00c0ee08-03af-4e36-b735-ccea48ca2afc} 3976 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="3976.4.696740422\740564136" -childID 4 -isForBrowser -prefsHandle 4068 -prefMapHandle 4064 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {2866e207-8f5c-4fa3-af2f-47876e4031ab} 3976 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="3976.5.48410859\718778330" -childID 5 -isForBrowser -prefsHandle 4204 -prefMapHandle 4208 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {82c249b7-f08b-4245-8875-94e9bb70f35d} 3976 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="3976.6.1652330039\88586418" -childID 6 -isForBrowser -prefsHandle 4388 -prefMapHandle 4392 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {e1064c7c-d652-4be3-b475-468961f6806d} 3976 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI15922\geckodriver.exe --port 54856 --websocket-port 54857

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 54857 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEchuLX

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 54857 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEchuLX

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="5108.0.1336978778\1877580335" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {106a0caf-4436-42b8-99e6-b1b43d420ce0} 5108 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="5108.1.811492727\1504148757" -childID 1 -isForBrowser -prefsHandle 2588 -prefMapHandle 2736 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {487ef70d-8d1a-4771-b414-575f1afcbb84} 5108 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="5108.2.339709593\422537433" -childID 2 -isForBrowser -prefsHandle 3196 -prefMapHandle 3192 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {a9f72059-c403-4593-a7e0-fd29c071785d} 5108 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="5108.3.1833577394\1399279429" -childID 3 -isForBrowser -prefsHandle 3252 -prefMapHandle 3556 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {b359a46c-0f0c-4626-81ca-a457721042d6} 5108 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="5108.4.210896048\579513823" -childID 4 -isForBrowser -prefsHandle 2276 -prefMapHandle 3984 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {f4bbf766-a0c8-4a39-969f-c30e02f91d30} 5108 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="5108.5.52516144\906247756" -childID 5 -isForBrowser -prefsHandle 3300 -prefMapHandle 3312 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {e9e92672-3330-4abf-8d5c-61701db17287} 5108 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="5108.6.1617236161\1341777143" -childID 6 -isForBrowser -prefsHandle 4228 -prefMapHandle 4232 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {fe452b66-f0d6-4162-ad4d-d20cbd22ca89} 5108 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="5108.7.1226747065\954252533" -childID 7 -isForBrowser -prefsHandle 3208 -prefMapHandle 4716 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {711a27e1-63d1-42f9-b451-03179b4fa9b9} 5108 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI15922\geckodriver.exe --port 54856 --websocket-port 54857

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 54857 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiZu8bf

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 54857 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiZu8bf

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="3300.0.2081801208\1463910065" -parentBuildID 20240416150000 -prefsHandle 1660 -prefMapHandle 1652 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {c40fb1cb-a7e3-4bde-92d4-3a5f4d11de22} 3300 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="3300.1.754243785\952742646" -childID 1 -isForBrowser -prefsHandle 2532 -prefMapHandle 2548 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {226d36c6-90b5-4db2-9699-13375ecb23b7} 3300 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="3300.2.1681608150\1656999536" -childID 2 -isForBrowser -prefsHandle 3224 -prefMapHandle 3220 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {cda15d38-4460-47f3-a9ea-4b0c81af7141} 3300 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="3300.3.648717559\1465464959" -childID 3 -isForBrowser -prefsHandle 3368 -prefMapHandle 3356 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {e8acb333-32ee-45e0-a28f-31cd56c65d54} 3300 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="3300.4.547560988\1835904335" -childID 4 -isForBrowser -prefsHandle 3604 -prefMapHandle 3608 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {294c5683-2275-449b-8b5f-0182591c5f4f} 3300 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="3300.5.2090059276\1196990318" -childID 5 -isForBrowser -prefsHandle 3856 -prefMapHandle 3860 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {a417fe24-8135-4111-806b-c19c008cba1e} 3300 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe" -contentproc --channel="3300.6.999356013\1894242199" -childID 6 -isForBrowser -prefsHandle 3916 -prefMapHandle 3924 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\browser" - {82671440-77b5-4eda-abad-4733391f2551} 3300 tab

Network


Files

C:\Users\Admin\AppData\Local\Temp\_MEI15922\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI15922\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI15922\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI15922\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI15922\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI15922\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI15922\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI15922\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI15922\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI15922\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI15922\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmpyw3v2rn6\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI15922\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI15922\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI15922\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI15922\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI15922\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI15922\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI15922\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI15922\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI15922\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI15922\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI15922\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI15922\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI15922\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\tmpyw3v2rn6\webdriver-py-profilecopy\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\tmpyw3v2rn6\webdriver-py-profilecopy\places.sqlite

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Local\Temp\_MEI15922\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/3356-491-0x00007FFF62640000-0x00007FFF62641000-memory.dmp

memory/3356-490-0x00007FFF63320000-0x00007FFF63321000-memory.dmp

memory/4292-518-0x000001E319290000-0x000001E3192C0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexCudij\extensions.json

MD5 12cb379773fe456396b2c017ce290ad8
SHA1 1c679448a80aed7a241ebf8940524eb9afd9fe68
SHA256 e38f93d9b6f97d16114c9a411b3ad9b475b9212fc186d77ea1571bf4b9b084b3
SHA512 420deb8a40adb685b597ba6065dac3946f6852347869e1c39e1878ae1fa827bcd86755b5a87031f5de139bd0e97b6a3f4df44302f1d520509cccee8875a3a965

memory/3356-587-0x000002B016650000-0x000002B016680000-memory.dmp

memory/3700-595-0x00000200F5680000-0x00000200F56B0000-memory.dmp

memory/1172-597-0x00000185BFB30000-0x00000185BFB60000-memory.dmp

memory/3156-596-0x0000018481600000-0x0000018481630000-memory.dmp

memory/4736-594-0x000001440D550000-0x000001440D580000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexCudij\prefs-1.js

MD5 f1e41289ef657aeac454108384c3e7ed
SHA1 fce0eb825df6adb24b05b81b36b369c107d28b87
SHA256 725b9ff9eed3e81d783e32dfa18c20c8cf266c9e30418fc99cfbc00d2c7ab028
SHA512 f7b4b904cc4baf8ed612457797b76b6d147151b59a9c58781f1089167025a1afe2f4bb7fa2b59eb180a6c4143dda6dc23f5e946eb2b8e650f2e63d17d32c06d6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexCudij\prefs-1.js

MD5 77bd03734658172fe4a6646beb1d78ea
SHA1 b3c1d36fadbeac863a925dcacacefbc2ec61e547
SHA256 81287035b7c317b7153c0b343e378e0309922eedce127da715afaf18bc275cfa
SHA512 ecd746400fb4075e9fe0a9263d1f6419b92f8415c341f16b1a9f61eea90056a8aa850a0c6135dff8d2137feec3720b9d9079c1de3804725568913bf45c0b6c46

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 5c39d1a398288bbacfa6f1ccc055bb95
SHA1 35d1cfa76eca6d6adc7e5b05b1daa3aecbcea27c
SHA256 36408d9d00c14a2f19083e4f4dbbd9a77aa2f1bef7a0c7f6da24c1633063037f
SHA512 f812d2dc82778526c2f37d0d244adcc02443a6e794d3ea237d3dc9371afa2bc3ec4e61f6d902e1da33752b0d07cd7d55eefe2153d36a3b1f1e547e07130906b7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiAZHoW\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiAZHoW\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiAZHoW\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiAZHoW\startupCache\webext.sc.lz4

MD5 1d0af1d758ce70b2de481fe3c68430df
SHA1 732f7bd18d7d5e0a1a6ea21ea74f15b03f425905
SHA256 4aa885b9c865132393686f67fe3a75dddd7a9e38437c7de9bcb72e6f4f3ff658
SHA512 a6a4fa57d44ac38f7f8ec607a67f91f3b93a1470f16196adc71ba959a1b000d2c336e44d260e887e9bf292c639eb42b01f24c2752c1808d1175791b7110cbd14

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiAZHoW\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiAZHoW\prefs-1.js

MD5 8461731454d6b5f1d3cf855a6675541b
SHA1 29c6568ed7c658a8323b64b9ae92e14fc0d9353a
SHA256 092a92e907abf1b3905ca0f1328f97eda6cc628f53f235d4de9b0dfd51c6b938
SHA512 521a51fa582e2d691538e13a1613c83a23100fad7d2c9499799bb3b40ada215ecebdf1959455381d744c10f70ff80ebf1b0557f789afa0d4eab34b46518783d3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiAZHoW\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiAZHoW\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiAZHoW\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNfHkjC\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNfHkjC\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNfHkjC\prefs-1.js

MD5 8863f4a7245baae58ea7ad83969c5c7e
SHA1 feb1323723bd8acc1eb86a032cbdafd37ec28616
SHA256 f5596a68be9fefdb1eb7d2b247271ddf6ca16923d233eaea8c4a4e293eabeff0
SHA512 db68cf343e7fa49caa8698b6cf5b43b22c54cee2f96f929c8900a43c3cf3a5832141b42f6aa9903e901b365365694c8f53a4371f6baea99287c2679b0ee69dc0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNfHkjC\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNfHkjC\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1HHnMY\prefs-1.js

MD5 6b62888a560cc5ca22a2b59ba7d7de0f
SHA1 af809b93875dafb3d8d709d8d07e33b05470a049
SHA256 5e136f44b6f64f569882bbc2b181005dbe11f6b813dc48dc1f63f61323322402
SHA512 8fc422382696beff213fd0734129cdd6aeb95d39c7bff3714be53b5a206d2f41d5d8e89558ade82768f42facf4075cd371c44552c604c1c11358ba3ff280322c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1HHnMY\prefs-1.js

MD5 140a7a0092c0176e37fb50ede5be74a4
SHA1 caf7f140ca0c6cb47b619b289ff026961d0c1056
SHA256 09d1a6f573c4f45eebfe8e3212798b5273f78cca48903fe5e97ef4c1467ba2fe
SHA512 bccf3a85774d3048c26cdadc8ff37dcd3bba8973a5196241fc9e16074e4b8610d4ace406bb048238509d33426c032509dfd3311c99a02bb5f8aa7e54f5864a73

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1HHnMY\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemxN1Px\compatibility.ini

MD5 d20a725aa5e3dbe1f756f66b4fd5223a
SHA1 4556c4439eb799f345f9e458d030c09eef3fafac
SHA256 0850d1f14a60d0a985dabb277176bf8a96304a18c9a92e91553ca66d7f055e24
SHA512 24ef0bac4be0a7e2dd41d6077f47e8d3dcfb1595c68cfef0efc0531512883469cbf3c2e305e01b4bf467b22c312e16aedbdc05c61ba44311127c5b3f2990a9cf

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemxN1Px\WebDriverBiDiServer.json

MD5 380046d67226edd3ba1162cf341ca145
SHA1 c7416abe6cd595629741f041b86792f01c314b27
SHA256 3ea16e8f5533a114a11db0dca82753a6d8ccccdca0fe583f38bf983250e67533
SHA512 a505e2cb7e1b2589deeb4071135bf57b9339a709a4e2c8e523779e23373aec4e16bc39093791cee2c8272ed4057225654ee5af649631a27b8d204753efb69e75

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemxN1Px\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 e615b03d446d50f1daabc516539e9462
SHA1 41d13f14682a149985c88d39d4ee6efb907dc718
SHA256 52c953dc2c6745a16d35e7f00e94de2e93d91b85567f44ac0a9f3c2c690554b0
SHA512 5dcb2fa3d66fcf8c9e5a9d8ba89e83825ee307241abf844b6d090d104b1f2d72ccfc88bcc6908bfebabe409e2483d5c7dbc6157ed532792bf40db373a2444323

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemxN1Px\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemxN1Px\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemxN1Px\prefs-1.js

MD5 77111c74ac15e0bff465524f81d1f8ea
SHA1 2e7de6af7ffb4e28d1878207088f04832ccd3010
SHA256 15505cd2d14dc14f61d6abeaa0d0546c00d425dd7a0c552788007e8cf59d392a
SHA512 f4213594d2589bceb8da7436bec00fd09602d7bc8e5427e1ea29aaa6e330b60f4f1e7c9c029fe66a823aa01622a4733c619999b2b0d6e7926850006758275b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEchuLX\prefs-1.js

MD5 46f53892155968b8aed5a4ed040437ae
SHA1 0ad8fd3c79aa1bda5458784341d4321874beeaef
SHA256 7435b6403e254ee206232f5091f93c98c3c76726593659eb1f31c0faa47f8fad
SHA512 59c865832b45eff14d032af3ef2fa566a92d05ef64401402e0c316b539b8884a04c0f84d1699e380a4fe7f17767f3f666daff8824cdc80590515d04e40907671

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEchuLX\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEchuLX\prefs.js

MD5 ff1e09cc265577b5ce284481acd574be
SHA1 78f5032149d41a053df1cb9be580a2b66795f3a0
SHA256 a5a13b8a64a3e76d763a1c76fd7f6e08385253f3fb4362b13ab108ecb6cbc4aa
SHA512 644fd0088ce942f637dc9ede49d72695e629f182ff9347250e5fef8c3660dcdc5c78a9b7f13409abb5fa986dda8fd808f76c38df17cbd65e607746f92cdfb088

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEchuLX\prefs-1.js

MD5 7f7811a7a768e7ebea36111284368e96
SHA1 54c3b488bb9e6a14872f1ae0917629167f561116
SHA256 494127aabe878e26b10aad4b0fbc741af1bd96a232b49bcf57ede70f9d0b729d
SHA512 5d2dd5b79dd70a4e82371c61657b9bc903e4f1e92903b08f0c12c7dc3d115c3216e96e41ca0ceec8086db114ee3bc6fb4296472614bcd92937192bc5009a5d54

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiZu8bf\prefs-1.js

MD5 43d545efd541930fc879fad14022b4a4
SHA1 5c2f9fcf175703ba89db54315bbf21cdb48ba16f
SHA256 7d43ae450306a0297a298db34513787ba9e3cc6cba073a894304cc245da841d0
SHA512 921963bcae6b55a142594c46492c8602d403c347fe8b7aeea62fbc622ccc87e47d84357910bd7ec0484a3ec7b6304b07e80d30124e2864cff43f701d5172bdea

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiZu8bf\startupCache\scriptCache-new.bin

MD5 20a9f9fcb7ba0bf743c31e5f4a773319
SHA1 c700cba7928c660c90eb34dade6726c8a2e1dd35
SHA256 8860327339d27a478a510e456aeac0e4d279398e483c42dd68cef8f72361d377
SHA512 dd6d74954f2129b1a92f6d259522b2964d8bd5c140afe6e46abe62b8548f980f763ecc9e5ef2bd3d7b14551bf0c2c894c6c3bfed96ed9ac775fff1360be231ca

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 01:00

Reported

2024-05-09 01:08

Platform

win10-20240404-en

Max time kernel

298s

Max time network

308s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39002\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3900 wrote to memory of 4172 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 4172 wrote to memory of 4712 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4172 wrote to memory of 3740 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4712 wrote to memory of 3588 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4172 wrote to memory of 3180 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI39002\geckodriver.exe
PID 3180 wrote to memory of 408 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39002\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe
PID 408 wrote to memory of 1784 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe
PID 1784 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI39002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39002\geckodriver.exe --port 50051 --websocket-port 50052

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50052 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYYZezl

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50052 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYYZezl

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1784.0.2030947068\791874545" -parentBuildID 20240416150000 -prefsHandle 1472 -prefMapHandle 1448 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {79d6211b-e77a-47ee-bbd9-412a8a365d0a} 1784 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1784.1.717704452\1411703766" -childID 1 -isForBrowser -prefsHandle 2508 -prefMapHandle 2424 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1084 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {90770103-4a36-470c-ad37-b65731911442} 1784 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1784.2.597198722\1646276738" -childID 2 -isForBrowser -prefsHandle 2940 -prefMapHandle 2936 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1084 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {3c9f9e36-6d57-4fc7-b526-ade70818512e} 1784 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1784.3.1523453798\1176833178" -childID 3 -isForBrowser -prefsHandle 3048 -prefMapHandle 3036 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1084 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {b5f5f402-1b7c-483f-af5f-3449b2751258} 1784 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1784.4.916357858\1659930452" -childID 4 -isForBrowser -prefsHandle 3628 -prefMapHandle 3624 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1084 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {e7a4c271-909c-422c-8a8b-c5975c0b491d} 1784 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1784.5.1746301815\842976364" -childID 5 -isForBrowser -prefsHandle 3772 -prefMapHandle 3776 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1084 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {0e04e92d-d34a-476e-934b-35a287c4a2df} 1784 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1784.6.2035181129\1202993443" -childID 6 -isForBrowser -prefsHandle 3828 -prefMapHandle 3836 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1084 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {c932c33f-2a5a-4cc9-b95d-ebc7a211cb58} 1784 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1784.7.858410087\1625536893" -childID 7 -isForBrowser -prefsHandle 4316 -prefMapHandle 4052 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1084 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {0b6c447f-551e-4071-878c-31ee5ab82aa9} 1784 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39002\geckodriver.exe --port 50051 --websocket-port 50052

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50052 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGzGf1V

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50052 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGzGf1V

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2868.0.851370270\1739905936" -parentBuildID 20240416150000 -prefsHandle 1464 -prefMapHandle 1440 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {9c3ee9b6-523b-42e5-abbd-e1793c5bacff} 2868 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2868.1.835726161\1440731805" -childID 1 -isForBrowser -prefsHandle 2328 -prefMapHandle 2288 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {4d827329-9303-4b25-a33c-507e282d69bf} 2868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2868.2.1238709849\1377163394" -childID 2 -isForBrowser -prefsHandle 2928 -prefMapHandle 2924 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {fcc9d737-3143-409d-b3c0-68d88a865e0d} 2868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2868.3.555551209\60129521" -childID 3 -isForBrowser -prefsHandle 2936 -prefMapHandle 2888 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {b44b8b71-d9c5-4f89-9134-36a6649b9c0e} 2868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2868.4.1231389622\35460239" -childID 4 -isForBrowser -prefsHandle 1176 -prefMapHandle 3316 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {effa5e8d-9c06-4f74-8d59-029dc8a73df4} 2868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2868.5.865325689\692146468" -childID 5 -isForBrowser -prefsHandle 2244 -prefMapHandle 1360 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {eba01196-f07f-4b9f-968e-cf08ecb0b22a} 2868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2868.6.1975450219\1413029704" -childID 6 -isForBrowser -prefsHandle 3140 -prefMapHandle 3164 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {c8055621-bc8a-41b1-b7a1-77bd75afd1b0} 2868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2868.7.1868309374\155431949" -childID 7 -isForBrowser -prefsHandle 4436 -prefMapHandle 4432 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {fbb95abc-c515-41c6-8026-6c8522c0ded9} 2868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39002\geckodriver.exe --port 50051 --websocket-port 50052

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50052 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1QEUDz

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50052 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1QEUDz

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="3384.0.1054229685\531428635" -parentBuildID 20240416150000 -prefsHandle 1488 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {092d45b0-9060-478f-b8f8-1e9f26fc910c} 3384 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="3384.1.789369232\1419156627" -childID 1 -isForBrowser -prefsHandle 2408 -prefMapHandle 2460 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1112 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {fb063bf6-36d3-45ad-800e-2f26c3903f00} 3384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="3384.2.921146813\1391098714" -childID 2 -isForBrowser -prefsHandle 2932 -prefMapHandle 2928 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1112 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {f9b66cee-2e56-4531-a2d0-b295e36d41ea} 3384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="3384.3.653998787\642807309" -childID 3 -isForBrowser -prefsHandle 2944 -prefMapHandle 2940 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1112 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {5a2f790c-9a40-4046-87aa-baefcf580206} 3384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="3384.4.2075598807\1260692181" -childID 4 -isForBrowser -prefsHandle 2952 -prefMapHandle 3048 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1112 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {72bf7549-b0e5-425e-b23f-8bfd8d5ab6c3} 3384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="3384.5.1650033827\985863314" -childID 5 -isForBrowser -prefsHandle 3772 -prefMapHandle 3776 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1112 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {745d0113-4a2e-4436-b025-9d99c53eefd4} 3384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="3384.6.1946992474\1981712822" -childID 6 -isForBrowser -prefsHandle 3268 -prefMapHandle 3404 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1112 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {124306cb-b16a-4e7d-a7d1-64ca637441f2} 3384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39002\geckodriver.exe --port 50051 --websocket-port 50052

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50052 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7qxXId

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50052 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7qxXId

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="3444.0.131474306\33983823" -parentBuildID 20240416150000 -prefsHandle 1484 -prefMapHandle 1472 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {ffba6d90-a197-4698-9b5e-bdacc6c14050} 3444 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="3444.1.1403677656\843481336" -childID 1 -isForBrowser -prefsHandle 2208 -prefMapHandle 2436 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {968a9efc-35bd-4cf6-b03d-877e911ae488} 3444 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="3444.2.519701968\1947460090" -childID 2 -isForBrowser -prefsHandle 2920 -prefMapHandle 2740 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {58e573f1-957f-44bf-b909-d6c80f686a08} 3444 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="3444.3.440039257\1372911674" -childID 3 -isForBrowser -prefsHandle 2936 -prefMapHandle 3160 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {20516a11-1714-4a71-881f-0ca9bbd0937c} 3444 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="3444.4.1061458573\1414399331" -childID 4 -isForBrowser -prefsHandle 3624 -prefMapHandle 3620 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {179ecf12-193d-4af2-b763-791b5683d450} 3444 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="3444.5.563929507\1274752410" -childID 5 -isForBrowser -prefsHandle 3768 -prefMapHandle 3772 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {3dff466a-283e-46b9-92d8-d5fdbbef5d45} 3444 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="3444.6.105960621\29890771" -childID 6 -isForBrowser -prefsHandle 3992 -prefMapHandle 4000 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {7f4ddb77-b11d-4de2-87a9-ea229d0c67e4} 3444 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="3444.7.986903634\2133238959" -childID 7 -isForBrowser -prefsHandle 4432 -prefMapHandle 4428 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {61fde3ab-c465-479b-b170-ba9462e25a2f} 3444 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39002\geckodriver.exe --port 50051 --websocket-port 50052

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50052 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletxfzZp

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50052 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletxfzZp

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5056.0.1624942528\172267346" -parentBuildID 20240416150000 -prefsHandle 1476 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {6ea56b86-0335-46ce-b0c6-555a7d1d2602} 5056 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5056.1.286885652\683814296" -childID 1 -isForBrowser -prefsHandle 2396 -prefMapHandle 2460 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {ea9597f1-65f5-4876-bf3d-88302abd30bc} 5056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5056.2.1372677458\1203678046" -childID 2 -isForBrowser -prefsHandle 3292 -prefMapHandle 3288 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {e8776c3c-e21d-4c7a-9e7b-593f2ca324ea} 5056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5056.3.882356748\1757390736" -childID 3 -isForBrowser -prefsHandle 3580 -prefMapHandle 3440 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {988c2510-7396-4ce1-8ad3-bebbb7e13896} 5056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5056.4.1421833077\1655928251" -childID 4 -isForBrowser -prefsHandle 3692 -prefMapHandle 3688 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {dc6fafbf-b00a-4bee-9177-a22ab5db963b} 5056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5056.5.1188775387\59852135" -childID 5 -isForBrowser -prefsHandle 3836 -prefMapHandle 3840 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {7159f29a-649b-4ec5-bc45-1dc4b93d7a10} 5056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5056.6.1587338089\144157276" -childID 6 -isForBrowser -prefsHandle 3988 -prefMapHandle 3992 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {bc1c0537-572f-4382-864a-2017c13c9d74} 5056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5056.7.1236772867\735518052" -childID 7 -isForBrowser -prefsHandle 4356 -prefMapHandle 3828 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {9d17b1b5-1fb8-4198-aff7-cc8d7369eade} 5056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39002\geckodriver.exe --port 50051 --websocket-port 50052

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50052 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevSdqRQ

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50052 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevSdqRQ

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="208.0.1374670160\1078421780" -parentBuildID 20240416150000 -prefsHandle 1492 -prefMapHandle 1480 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {f3172ad7-a2f0-4dbc-85da-fe735f2a58d3} 208 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="208.1.770747702\1715438113" -childID 1 -isForBrowser -prefsHandle 2128 -prefMapHandle 2376 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {3309a035-bd78-42b1-92fc-484861b45348} 208 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="208.2.1852567599\541076521" -childID 2 -isForBrowser -prefsHandle 2936 -prefMapHandle 2932 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {9f72836e-b08b-494d-83af-116fd0ea8d60} 208 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="208.3.369792563\835405085" -childID 3 -isForBrowser -prefsHandle 2996 -prefMapHandle 2980 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {e8e4c302-7498-4413-bb69-f6e4d2f57deb} 208 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="208.4.632352912\1450553258" -childID 4 -isForBrowser -prefsHandle 3636 -prefMapHandle 3632 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {ef40e895-686d-4635-bd69-0916d4ddc461} 208 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="208.5.187930619\1884576386" -childID 5 -isForBrowser -prefsHandle 3772 -prefMapHandle 3776 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {daabe5f6-a029-4002-8a40-2379a7d760c1} 208 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="208.6.1206326562\265744701" -childID 6 -isForBrowser -prefsHandle 3956 -prefMapHandle 3960 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {f128a23f-a2e1-42a4-a06e-c0031c8548b1} 208 tab

Network

Files

\Users\Admin\AppData\Local\Temp\_MEI39002\libffi-7.dll

\Users\Admin\AppData\Local\Temp\_MEI39002\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI39002\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\nss3.dll

\Users\Admin\AppData\Local\Temp\_MEI39002\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

\Users\Admin\AppData\Local\Temp\_MEI39002\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmpze8k43fd\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\tmpze8k43fd\webdriver-py-profilecopy\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\tmpze8k43fd\webdriver-py-profilecopy\places.sqlite

\Users\Admin\AppData\Local\Temp\_MEI39002\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39002\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39002\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39002\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39002\geckodriver.exe

\Users\Admin\AppData\Local\Temp\_MEI39002\_lzma.pyd

\Users\Admin\AppData\Local\Temp\_MEI39002\_bz2.pyd

\Users\Admin\AppData\Local\Temp\_MEI39002\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\base_library.zip

MD5 196fc7563beec5caf7c72cfefe27a4c0
SHA1 c3d9ecb19ed275d5e72dd2a2b8e63ae4b1339614
SHA256 ca9d50db79635bc360319cbb7ef3054ebb5824298e72663f38a1389575e839a4
SHA512 f0d6d9eae8fa63bc1922a8092236ab832c5d640d2775f985b13cd661796ee68b0c690146e84e2d54f55b374b38345d7f4c295d403ea6ade60b268d9a56cd139e

\Users\Admin\AppData\Local\Temp\_MEI39002\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

\Users\Admin\AppData\Local\Temp\_MEI39002\python38.dll

MD5 a2d1ef944a3b2ece9251bdd4528d71be
SHA1 5d422a39b769cddf186e36eba348a5382bb81ab2
SHA256 59e24582777846f7b5eb952b08a2346801ae20674f0d18a65c0d415095b8e543
SHA512 abcfad3bb39d143bd56d350d83a4c9ded669504ab89e5d860862e04801e419cc96d8169d1df320a69a97f13ea6f919a34c68098c3d563cb9eccc6f7c9a978828

C:\Users\Admin\AppData\Local\Temp\_MEI39002\python38.dll

MD5 a5ee4fa71fef11f96e91af34bdbf075b
SHA1 82f5cd96e15ee50f7d5255d657074a4c2f0544d8
SHA256 45667e2c024552ded7a98b97225d8702bd35b29e33bc75f111cc349d0388ad25
SHA512 1ed82ead67ddaf52db407d1bd83e1b5989072e6760034b285b65e1d6a6c8f9cb2734ecd89163cc2edbf6668529d3e30f3ea41641ca5ddb7aac23b8ef57b7083e

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 a153b2783a9190a1d0ef360494bc713b
SHA1 4232cbcd0b9407608844e18a2e98b53451210eeb
SHA256 22f589840d32b8a1a28d3994ae0bc22d617fc0be438dafa0285a6784083ee7cd
SHA512 e74b88a9d49f7e434cd355136d0d0b3d73d3ca3eddc1415b18a0c78bdbdf71d2b702ba06cfdb8f1d6bb54d8a257623c5431ac399bf76392516b53f38c969f6ac

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYYZezl\extensions.json

MD5 c41b2ea2dee36237343682da0200863f
SHA1 6968c1151a05787f7f766912bed884f85b261564
SHA256 d5887b2762405cd34bf213e03eef1b1260f3ef382036fe5faa79227097d36b65
SHA512 3a743410c21b9c5540c08e781ddd9e8269723da5d155043cd6f34ee362e2168484a179f22786862ce0d14372e2f6e5a05d648e3a45661837f63a91ab78e9d340

memory/1784-578-0x0000025D948E0000-0x0000025D94A50000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYYZezl\prefs-1.js

MD5 899244b9b87319eedd857d718ee89a5b
SHA1 40078193b87c879c6aa7c22823ba9cd9918ec5a6
SHA256 24fd1f2f907eba6dc9a053f8da906afd366cc8ae02b53cc3ad8fa9c2618c7443
SHA512 17d7ce1ff704fb1928299596d915ad91d45626e87e1562a070d586b59275c11f84b656d716eee2696a199fee754854eaea5cb8eebac2c33b964fcf2263079de2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYYZezl\prefs-1.js

MD5 7658138e8ef3e7c459ae61e8172172aa
SHA1 ba9b2f422528dd7389b381fadd01b8de182c161a
SHA256 e0bbd5244d093e1c1d11708df560f28e54aa8a339f9af74f3573c13b2d46cd94
SHA512 48d749d9880973adaab7fda0b34098b29149efdc0b65d8ed4ddb35eb4236cb4a629ebd1638afb527d46bef03627fa263effd6733ccfac3deeb84a5e73636139d

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 fb6efa915e8e7ca53a43e7ae3063928f
SHA1 cad6ab6b848797304008efd585ebf6f1a2b83bd3
SHA256 62420a9f283bfba1f87577a54854a6184e2759cded69fd57e74e93782f427d3a
SHA512 f65b853617278f5705b9ed524c4f74bf98adfa51f2057084de25db569c6715a5ddb2062306c286b2960f51efdf40d375dd1de6ba137e0a9ec68909ca1dd5c5d8

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGzGf1V\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGzGf1V\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/2868-818-0x000001726B9A0000-0x000001726B9B0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGzGf1V\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGzGf1V\prefs.js

MD5 825c08bd1571d212a54518538f9be9d5
SHA1 bd24fd8e3338d033a910e66e01680a4a1afd09cb
SHA256 c2af4f621fafd329790771679f2ae02c0a44bf8744c2313c0d02dc7df1585cae
SHA512 f62cc3bee424ce6d6fbc12006e3867c39580563cd802532e342981c16da0157c20e1b4fbd256b96b91641b1325ce973c671ffe9df25909a1de42c3e6b071c588

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGzGf1V\startupCache\webext.sc.lz4

MD5 1b799cc5b6cf681cfa54d37c8ce8cb06
SHA1 2f0fae44eb2fe74542df923e37f0c7e23a74fd17
SHA256 ce654b3257aec215ee980682aa6a48628dac50252a09301efe8686ff3f406a03
SHA512 10263e878623c9375095f150a83e5fe42fb5feccea139e107d37b2337f0c68c4f8a47952247d7e8517876a12dcd696202b8ecdf115577c0e416a489a280451d3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGzGf1V\prefs.js

MD5 1139a3343f5360a9f41c9b6e54ea01c5
SHA1 0dc0e58b628848235e37a0f392c63eebb9209052
SHA256 32176844d59919744bfbaf1fcef191e10b67a546d54bd40a2e9d8c17be4a1825
SHA512 242b874ecc8e5661f3ecb742f634c1eea81bd728bb58d7a8862f79cc3bc7fbdc18cfe452a0c01601ab465e4b62141bda1b85d0f0c6a4c62314e542eb2d3852c1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGzGf1V\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGzGf1V\prefs-1.js

MD5 e11c9a2f55cef6ec9183db997a60a3b6
SHA1 5a8bdf3bd5204be969631c27cba38e79eacfe144
SHA256 61b80644c15dadc737afac2d7768efc5caba9d77b8b6ae9000bcb823d92773fa
SHA512 2ef5fe29281f607b8770729d95f94beb32936e4b0472c757701c13b7862ce1a69272dae1be8c109dd7804fe3e096537a5d91f134cf8fc6e967777ff3f27bd2b1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGzGf1V\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGzGf1V\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGzGf1V\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGzGf1V\prefs-1.js

MD5 6e28d424b7fa0069e3e9c4e32c851720
SHA1 4de252477e762334b00b74632b6a1f10446b12f6
SHA256 23174a14b3d5f112510aef45d5cd83adb3e1f5de9b1fb6ebaf24f36f6ed65d4b
SHA512 a88f12cb4d0616559f853f15ae880dbb6c60db388e81ea807a06ef43a4727bb4deaaa74ca2e18f8b2a0b4b0c2e55a32b46134706f35e42f2e7b1f4a6fa00b158

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1QEUDz\user.js

MD5 d3700fe04a27c09991babdda10b26262
SHA1 014547e2a0b7fd5018e04f006be4a1261161bd9f
SHA256 1fc9f6c26ba8efb2d26ce83ede7be5ad7c4d68b5134b8ef17af896dfbddc4ba9
SHA512 99a5bc4cea683f6421eb730bf4ce2bace2fcc7a7c20ea893b15fa5e9785e1dae27ee6fa819f9e05f6a0616b4cfe2650a6bad5978b54f6d29c6b57028368d3242

memory/3384-1111-0x000001C9192F0000-0x000001C919300000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1QEUDz\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1QEUDz\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1QEUDz\prefs-1.js

MD5 b20bf8c6ae6078e6745b7f8f5e60e712
SHA1 3a102353ad1c24c0072bda88a6dd629a54997ebe
SHA256 8271b26226d444c15984143641d2be01b2a16399beae5dc62cdb3a41f5eed454
SHA512 15c9cff541032d8c389c8ed26c9f490ebcda5953cc9ee250d567c814b4867426080ab654b1f4b8c853f665a9517fa02bded45111071cee49a3b2745d23d09655

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1QEUDz\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1QEUDz\prefs-1.js

MD5 6e1cd54e2b835c63a14371409f723fe3
SHA1 20f76e5fbda2be51b83ffb45305b8de466792b5d
SHA256 8a363e013850e470fbdd10f35960ad22a43564e2ee0b4cfacd5308513f35280c
SHA512 2394d8c726dd5777d0845f559f0f5ecc9cf8b551ff88908c4fb9580bb81aaaaeb9bf192953d6d6be163758805692fb5994a3956edafea43bdb7b0677d11fa857

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1QEUDz\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7qxXId\prefs.js

MD5 36d9f6a15e41984524e1652ce72a5ae4
SHA1 d8304ad3106a830b8ff32a6580eea443ace68f23
SHA256 d20292eb7b8617c025d5151a828d3c0e11c2f9ba9a2ca0a5bc92caf67a3cb00f
SHA512 f3d765e876561a566cb70a5d648b93ce6ef3d0697256e70a89105d5964983385e6de5e8a181aeb1af0de8fd27b97cf70d6b9fcec1ff9caffe7fae3c1f6b3df7b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7qxXId\prefs.js

MD5 1a933d20701315da43bc81dcd22232d9
SHA1 ed311296e185982cd4df05aadfe1ebf03951374d
SHA256 c98dcb44cd756bd774a301b58a4044e5cf37ff7b5d93780dae5732bc0d654849
SHA512 29b7064498da2ea3d3ad8fae956ffa2f118a218f364ca7a6f5065df7c168cdd9a7a840d3fdb350f868d8f148281ce9e67c09114479eb35a76ecedb51654282a1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletxfzZp\compatibility.ini

MD5 f8d9d5cc350b04698f86b9440e2a8af6
SHA1 a8aca88c79ad7d82c07042347027b36e8df5fbee
SHA256 0d760006ba9b5e64f936771e389c3f35ec6a2af5bbe9d4f02397b8b20f57ba82
SHA512 40f733c1488295bd609d34a88fe09a537b4f18f0d73717d4c998716ba6562eb76ace8e6bb79c986d4791ad452c60da4bbd92f34a84360a2c874a8889ac2a18bf

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletxfzZp\WebDriverBiDiServer.json

MD5 b1a549bbbf2676fef541013151573a8d
SHA1 02eb25a092ab90100d5356f59ad1f7b9a88b4c0f
SHA256 0d5ce6f5515c0a3e358b4e5de89976f06954d54a9b7d2e67b22ad0b8548b2f5c
SHA512 66f39e4b171991b42dcc04d900276df024afd2917a693e0eac795f386e33c7949eac771a96ac7272b7e391357763c379035c2f541d78f4bb79a47e47ab3f8e0f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletxfzZp\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 dd9a9327a8b871fb4d41cb7b11db0e0d
SHA1 71d2cb7247ea009c43bda48e253db9b06e0e7db6
SHA256 09c1ae42c3d1394862c86e3a4ea80a1507853136a7ef2fba759c4f8ac700a95e
SHA512 adb0217868bafde60dc08aff07492c1080fe0512ab065968144ec4f0af8cc22e4bdcfab43d5b54b01bc3ae8a5e9c9cc4b6b9435afc594262d4ff166359a92b93

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletxfzZp\prefs-1.js

MD5 2e8c8d6546cafa1ba77f827e25167c76
SHA1 4027bbdacda32026c98785d6a3aa5c635f3f9f36
SHA256 3cd6cb851eca359d6c5f01c1eb3ed499797113d40b2271726a87596d02bb7173
SHA512 450be2d2c5c324a655586d67a59d5c417f7a4d7618d07e3cc7d2f349730afe3641285bc312ca1e8f8eff9fa3eafccfb553b37e662e728add433f4cd33fe26483

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletxfzZp\prefs-1.js

MD5 8f9d61fe6c42719c850fa3cbad3b463a
SHA1 6f3138625a6f6245df0c6f8805b9ee693a310431
SHA256 1061e07e4c2f7818a803170d717ad35c999bb4ef7cbc579721165adba9ccc174
SHA512 19833ae8e2bf5ab000e7e464bf37698d4edb3da985d6513fb33dec82cd2b6709196006eb7356642116385cf80ff300d35c4b9df711f64244a3cd91a6f64d338a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletxfzZp\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletxfzZp\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

memory/208-1920-0x000002AF510E0000-0x000002AF510F0000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-09 01:00

Reported

2024-05-09 01:08

Platform

win7-20240508-en

Max time kernel

299s

Max time network

307s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI22202\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI22202\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2220 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 1724 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1724 wrote to memory of 908 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1544 wrote to memory of 676 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1724 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI22202\geckodriver.exe
PID 2468 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\_MEI22202\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe
PID 2584 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI22202\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI22202\geckodriver.exe --port 49466 --websocket-port 49467

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileqYxHh2

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileqYxHh2

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2632.0.2001298877\774038814" -parentBuildID 20240416150000 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {1520db8d-7a87-413a-b713-fda482ede574} 2632 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2632.1.2122643475\881782884" -childID 1 -isForBrowser -prefsHandle 1736 -prefMapHandle 1980 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {b216ee02-74e8-4776-8dc1-9a49ebc7c642} 2632 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2632.2.1543132822\949368862" -childID 2 -isForBrowser -prefsHandle 2272 -prefMapHandle 2268 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {74d7ec7f-b46c-4fde-8bb5-40e5a86231f1} 2632 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2632.3.1753594007\1481771900" -childID 3 -isForBrowser -prefsHandle 3004 -prefMapHandle 2328 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {c03e6f2f-5acb-47db-8e77-a56eab1fe103} 2632 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2632.4.636926740\180392171" -childID 4 -isForBrowser -prefsHandle 1080 -prefMapHandle 1076 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {296916f7-1755-48eb-8d96-e2bdd2dd41c5} 2632 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2632.5.607064992\1731261181" -childID 5 -isForBrowser -prefsHandle 2792 -prefMapHandle 2776 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {f1464844-cf21-4ac6-a97d-4705886e4b13} 2632 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2632.6.866042928\71715058" -childID 6 -isForBrowser -prefsHandle 3084 -prefMapHandle 3088 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {1ae31c97-73d8-4a07-9e12-18093ad2d796} 2632 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2632.7.1396549884\1970517623" -childID 7 -isForBrowser -prefsHandle 2572 -prefMapHandle 2560 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {639f47c9-b2e0-4836-b4ba-b0d63237ea47} 2632 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI22202\geckodriver.exe --port 49466 --websocket-port 49467

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelEBSbE

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelEBSbE

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2144.0.313287814\1966420707" -parentBuildID 20240416150000 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {19430caa-0a57-4c53-9947-5c64f8069b8f} 2144 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2144.1.417336136\235718726" -childID 1 -isForBrowser -prefsHandle 712 -prefMapHandle 556 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 588 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {5503199a-2ca8-499e-9897-81591d12059d} 2144 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2144.2.186503697\1181243881" -childID 2 -isForBrowser -prefsHandle 2296 -prefMapHandle 2292 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 588 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {5f848293-68a8-483f-a574-1424329227f2} 2144 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2144.3.1953539500\1323987599" -childID 3 -isForBrowser -prefsHandle 2292 -prefMapHandle 2604 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 588 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {f3c08281-b668-4946-aa64-0e8213744a25} 2144 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2144.4.1320446094\1712780378" -childID 4 -isForBrowser -prefsHandle 1072 -prefMapHandle 1068 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 588 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {cdcd4d96-043d-4f9c-a699-5d09275a12c1} 2144 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2144.5.1174624019\1554772813" -childID 5 -isForBrowser -prefsHandle 2936 -prefMapHandle 2940 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 588 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {01edce81-4975-46fa-8ab0-9b0e9d0f6dc2} 2144 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2144.6.1538787690\1491958801" -childID 6 -isForBrowser -prefsHandle 3096 -prefMapHandle 3100 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 588 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {7b370ead-3cd1-4848-be01-7af07540a4dc} 2144 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2144.7.2058338771\1663794630" -childID 7 -isForBrowser -prefsHandle 3420 -prefMapHandle 3292 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 588 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {cdb2bdf7-dfba-4092-a4fc-beeb3a3a3257} 2144 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI22202\geckodriver.exe --port 49466 --websocket-port 49467

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegDLUTf

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegDLUTf

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="812.0.1880167505\1921751166" -parentBuildID 20240416150000 -prefsHandle 1204 -prefMapHandle 1196 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {367a4501-5a86-4846-ae8b-9fab9091fa4b} 812 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="812.1.811044909\1413130372" -childID 1 -isForBrowser -prefsHandle 1204 -prefMapHandle 1596 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {8869b675-2bb7-46a8-99b0-02bccf72d653} 812 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="812.2.2047097123\246261704" -childID 2 -isForBrowser -prefsHandle 2140 -prefMapHandle 2204 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {70166766-0dcb-4e06-a71f-f771d69d3878} 812 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="812.3.90763807\1900079182" -childID 3 -isForBrowser -prefsHandle 2496 -prefMapHandle 2480 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {a0d823ed-3f23-4583-9e46-d2af569d74ff} 812 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="812.4.1766568783\1554784235" -childID 4 -isForBrowser -prefsHandle 1072 -prefMapHandle 900 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {5b7ef214-bdae-4ca9-aa7d-3c39687bd76f} 812 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="812.5.2075957217\2076237694" -childID 5 -isForBrowser -prefsHandle 2904 -prefMapHandle 2908 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {d9f6837e-4284-4dc9-8aec-d21c984ab530} 812 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="812.6.76273375\149108662" -childID 6 -isForBrowser -prefsHandle 3060 -prefMapHandle 3064 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {d6d97b1c-7ab7-4ee1-994e-9b1e27c18c2d} 812 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI22202\geckodriver.exe --port 49466 --websocket-port 49467

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiles5pBMc

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiles5pBMc

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2452.0.560058603\62294433" -parentBuildID 20240416150000 -prefsHandle 1212 -prefMapHandle 1192 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {3e92a4a3-d42e-4b0e-9d16-b597e84b5a02} 2452 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2452.1.1255734431\876060997" -childID 1 -isForBrowser -prefsHandle 1904 -prefMapHandle 856 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {788af6c7-440d-4938-b150-99edc5240458} 2452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2452.2.1958207448\863457751" -childID 2 -isForBrowser -prefsHandle 2344 -prefMapHandle 2348 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {88b2b54a-9ac5-4c8a-a680-2386fa43ad5b} 2452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2452.3.1504151217\1274492318" -childID 3 -isForBrowser -prefsHandle 2584 -prefMapHandle 2588 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {f67b3d65-3dfa-418d-8f19-c64a71fd7222} 2452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2452.4.1111965973\1242338961" -childID 4 -isForBrowser -prefsHandle 1648 -prefMapHandle 1076 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {86b9dee8-f02b-40e1-b0f9-75a837cd13ba} 2452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2452.5.361749453\1956068066" -childID 5 -isForBrowser -prefsHandle 2940 -prefMapHandle 2944 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {b2b70958-75d1-4951-8f9c-8ae0a4949011} 2452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2452.6.931945375\1431411607" -childID 6 -isForBrowser -prefsHandle 3104 -prefMapHandle 3108 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {5a27ec14-e6bc-4eb2-b009-93d316f6e07d} 2452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2452.7.143464091\914464596" -childID 7 -isForBrowser -prefsHandle 3472 -prefMapHandle 3460 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {7a3cd189-c056-4d2b-a128-fa89878250ab} 2452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI22202\geckodriver.exe --port 49466 --websocket-port 49467

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKGwvoB

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKGwvoB

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2616.0.270975467\1209497445" -parentBuildID 20240416150000 -prefsHandle 1236 -prefMapHandle 1228 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {9d50731a-64fc-4dbd-96c6-4ba8b02db312} 2616 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2616.1.264728392\1069946428" -childID 1 -isForBrowser -prefsHandle 1740 -prefMapHandle 1708 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 544 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {ae1c0b87-c87a-479d-81e9-17efedb4ad5a} 2616 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2616.2.1315395072\1241906388" -childID 2 -isForBrowser -prefsHandle 2160 -prefMapHandle 2156 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 544 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {d8b9bccc-560b-41b2-8a3e-1a85253d3405} 2616 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2616.3.1547542437\789372119" -childID 3 -isForBrowser -prefsHandle 2604 -prefMapHandle 2144 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 544 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {433e3362-9387-45d4-9096-90c77017c52b} 2616 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2616.4.1045162423\582384835" -childID 4 -isForBrowser -prefsHandle 2800 -prefMapHandle 2796 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 544 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {1bcf976e-9432-4881-b651-93d306848949} 2616 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2616.5.1695079967\472759698" -childID 5 -isForBrowser -prefsHandle 2920 -prefMapHandle 2924 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 544 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {436ff70f-0ab0-4c58-8c09-7649eacd4f91} 2616 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2616.6.81191363\523569466" -childID 6 -isForBrowser -prefsHandle 3088 -prefMapHandle 3092 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 544 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {891aecc1-47fe-4f94-bb38-5efe522f5350} 2616 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2616.7.936652633\160918446" -childID 7 -isForBrowser -prefsHandle 3368 -prefMapHandle 3364 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 544 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {faa65f37-379a-4e25-a1d0-dffbf4b2f71d} 2616 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2616.8.1069754622\1521072879" -childID 8 -isForBrowser -prefsHandle 3504 -prefMapHandle 3420 -prefsLen 25332 -prefMapSize 245849 -jsInitHandle 544 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {267aeb0b-d421-4752-8df3-02bc31a2f1d4} 2616 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2616.9.579122828\473938984" -childID 9 -isForBrowser -prefsHandle 7588 -prefMapHandle 7584 -prefsLen 25332 -prefMapSize 245849 -jsInitHandle 544 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {fdca522d-43da-4cda-870e-733067e8599e} 2616 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="2616.10.73221293\960660729" -childID 10 -isForBrowser -prefsHandle 3760 -prefMapHandle 3804 -prefsLen 25332 -prefMapSize 245849 -jsInitHandle 544 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {47393b3d-2d2a-4848-820a-7e7a72085720} 2616 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI22202\geckodriver.exe --port 49466 --websocket-port 49467

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileN4vOiO

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileN4vOiO

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3916.0.1897014949\2108158599" -parentBuildID 20240416150000 -prefsHandle 1236 -prefMapHandle 1196 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {e41e3cdc-fe2f-49d3-9072-259a7b14ab44} 3916 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3916.1.1685950898\2059429452" -childID 1 -isForBrowser -prefsHandle 2260 -prefMapHandle 2080 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 712 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {73d98930-d5b0-4ba5-9903-93d05ce95837} 3916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3916.2.525344439\1029733922" -childID 2 -isForBrowser -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 712 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {6f5aed66-f16e-4fef-8904-e0ec940f79c6} 3916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3916.3.872286753\100191633" -childID 3 -isForBrowser -prefsHandle 2680 -prefMapHandle 2676 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 712 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {9f640d96-ea4e-4107-8159-7c3fb073edac} 3916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3916.4.1559076344\791430274" -childID 4 -isForBrowser -prefsHandle 1056 -prefMapHandle 2728 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 712 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {2de0af54-af23-4e80-bfc3-38f2c416f43e} 3916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3916.5.407707139\1921778733" -childID 5 -isForBrowser -prefsHandle 2956 -prefMapHandle 2960 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 712 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {68dcc185-0eda-4861-8080-17613e8d9124} 3916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3916.6.212646178\1148453648" -childID 6 -isForBrowser -prefsHandle 3116 -prefMapHandle 3120 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 712 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {4ffcc29a-f97e-453e-ae57-21dd8ea9bbdd} 3916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3916.7.2130294998\152225675" -childID 7 -isForBrowser -prefsHandle 2804 -prefMapHandle 1720 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 712 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {0d8b6c13-8767-4f8c-bf94-55782a085253} 3916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3916.8.1004190001\181703771" -parentBuildID 20240416150000 -prefsHandle 3516 -prefMapHandle 2332 -prefsLen 27558 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {ef3fd28a-f952-4403-bbb4-bb31b8e4af79} 3916 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="3916.9.1602150983\758179889" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 3504 -prefMapHandle 3508 -prefsLen 27558 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {263c666e-c79d-4e9d-88d3-caa920891789} 3916 utility

C:\Users\Admin\AppData\Local\Temp\_MEI22202\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI22202\geckodriver.exe --port 49466 --websocket-port 49467

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefOUPaw

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49467 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefOUPaw

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="948.0.1404932221\1149138587" -parentBuildID 20240416150000 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {6f09807d-5828-4750-983b-67d6a7e3747c} 948 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="948.1.1321586289\647139967" -childID 1 -isForBrowser -prefsHandle 1664 -prefMapHandle 1952 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {73639e84-2e02-413f-a5b9-d1044e2eb46b} 948 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="948.2.1615989738\2027203296" -childID 2 -isForBrowser -prefsHandle 2108 -prefMapHandle 2000 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {a17f40b0-805b-4d7d-963f-34e5badcdaea} 948 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="948.3.1532563033\729700086" -childID 3 -isForBrowser -prefsHandle 2588 -prefMapHandle 2016 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {aef6b844-7485-4774-819e-c08ef8680df6} 948 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="948.4.1281957275\157518958" -childID 4 -isForBrowser -prefsHandle 2832 -prefMapHandle 2836 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {8ce67b19-82fa-4356-abb2-f69c02c0cb31} 948 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="948.5.598532609\116517801" -childID 5 -isForBrowser -prefsHandle 2956 -prefMapHandle 2960 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {b521ed52-a22f-42d3-a9e6-c4caf4261417} 948 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="948.6.782858582\144826375" -childID 6 -isForBrowser -prefsHandle 3116 -prefMapHandle 3120 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {a0dc2519-4f20-47cd-acb9-bb91e9259079} 948 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\firefox.exe" -contentproc --channel="948.7.232577631\1182303609" -childID 7 -isForBrowser -prefsHandle 3472 -prefMapHandle 3476 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\browser" - {6d444038-fa00-43b1-866f-e042070419d8} 948 tab

Network

Files

C:\Users\Admin\AppData\Local\Temp\_MEI22202\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI22202\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI22202\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI22202\_ctypes.pyd

\Users\Admin\AppData\Local\Temp\_MEI22202\libffi-7.dll

\Users\Admin\AppData\Local\Temp\_MEI22202\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI22202\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI22202\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI22202\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI22202\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI22202\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI22202\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI22202\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI22202\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI22202\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI22202\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI22202\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

\Users\Admin\AppData\Local\Temp\_MEI22202\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI22202\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI22202\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI22202\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI22202\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI22202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileqYxHh2\extensions.json

MD5 062686661c49cf30ebd907fc1ccce6e0
SHA1 951d36d26fbc78403f141b8d569bcfd8c3c03834
SHA256 7e11caf2fbd9e89fab10288d00ed2701848411c40a34051529698b7fece06e11
SHA512 2899f91b687b03a429345d0b8e406c361832eac4399ec0f58d53daebe21423db961c7689e6ff3c91e5a09745df3a6ca4a8b3f3d211b8b2e94f7e80695cdd321f

memory/2632-694-0x0000000007890000-0x00000000078A0000-memory.dmp

memory/2632-695-0x0000000007890000-0x00000000078A0000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 d262b8dc568b34fa0a37e37335db737a
SHA1 477338dfa2a841eaadcdeadb210ed0e9e419241f
SHA256 b11b2168de48ecb6a5daec15e1d8eebc52fa4597d174d3a55a930466f665b0ed
SHA512 ae2b0b4477d7d61c2ccbc948041e79407a140919da3dae63486e47b30ed9c041519bd3ce3cee62bc3c2ed780650abb8c54002c4197c6611af512f39da8e56f64

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 c9464d06dc4ca122e4bdb301f289ca3f
SHA1 e7b75166f44fb07bb96a5b74e6d0237a8098e30c
SHA256 c6a037419791537c6855d6fb39566eb6e05123e7e4d021bdd9d9283f2f621431
SHA512 ea3b57e4dea5394df2efc36a3ed16f825d104b3b189eba1b30380265f8f7b7ddac2d472788010f68a4d685337fab0c45cdb096dc11fa3d831a0ee244e403cfe3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileqYxHh2\prefs-1.js

MD5 0f9f37d634a8f20a7a54dfd2c13a09ba
SHA1 db5921115799209149885ebb0d57139614b94215
SHA256 5aeb8c6f4164cd5cef26997f0d98ab109670961ea8b05a3e31279143a9d5d862
SHA512 62cb8e55a2c72c117a70df5edb84ba634e7238274fda353ed480041ecd08e36d0824fe321636c7f122e772ea2088cb0aa75e97dcc2b5daf3839af2f7b5c97a08

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileqYxHh2\prefs-1.js

MD5 49ea231c9086255ae0013076179da57f
SHA1 f01de5fc6ce87f80ece34db7d15a4dc786ba46fa
SHA256 36d036f5ebd2192add7f3a5045c75c666dc830ce37ed84befd51f2580cd932ba
SHA512 2befb455d34476dd71be5119abb07cfeb162cb864fae9859e6927809f93c2c917863c84c05971243592d9764c22acb69e19ed40d49ae59afc4916f92f27a55ba

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelEBSbE\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelEBSbE\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelEBSbE\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelEBSbE\prefs.js

MD5 0f6d98d428df1ecfe74676cbc1c29463
SHA1 effafc8295f6422f9f3ae5df17f67887bde515b4
SHA256 b50fe6cb4cd0ba1a329cc895dba78701c78ca2a1888c20106efdb6d140485048
SHA512 9a953838bb3a4661137f3f5042e07a1b2f78a0ef44e2101400e26f6907187836ec8a04728b120ced24b4b7481906f520fd1fe0d23eb8577ae6050e7256013c69

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelEBSbE\prefs-1.js

MD5 2fda2aa6bcfdcf7e7b1ece3704feec9a
SHA1 ffa86d35fc42014c8603224e52fac1eb23ea6cec
SHA256 fa822119c36b4fa447dad27473f9eedcfb8e5badf44bcf90fd0d128198d8acfd
SHA512 fb103ece5be6e01ae5cd614caf2cc4b69ce8ec2ae1b7660f8d9ed0e3d39e8c2a8b71a40f8bed77fc9aaeb8ba9ce16a1fc4799f3c03ce94c2d61e193008e1eafb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelEBSbE\startupCache\webext.sc.lz4

MD5 1b799cc5b6cf681cfa54d37c8ce8cb06
SHA1 2f0fae44eb2fe74542df923e37f0c7e23a74fd17
SHA256 ce654b3257aec215ee980682aa6a48628dac50252a09301efe8686ff3f406a03
SHA512 10263e878623c9375095f150a83e5fe42fb5feccea139e107d37b2337f0c68c4f8a47952247d7e8517876a12dcd696202b8ecdf115577c0e416a489a280451d3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelEBSbE\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelEBSbE\prefs-1.js

MD5 8bf8868ca25d7e236853026a62a2679f
SHA1 605319e9265d029b41e13b08c7457181f7829c93
SHA256 1feb77a976192fbb6c090fb878d13f70bc46630b3d314ee1c93f1c12d4c090d2
SHA512 07d0b31eaa6098e91369a0f02755d35a6ca885dce505433a10ca22225d59a96ada4c446b6a69a57648cee37fecd7fba23a964b23f4af1845a770cb6cf87fc381

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelEBSbE\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelEBSbE\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelEBSbE\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelEBSbE\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegDLUTf\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegDLUTf\prefs-1.js

MD5 7489d38b9372357de347461d70e321da
SHA1 253a57371e2238fa790076d3e82197b780abbc92
SHA256 587db53add6289ca844733a7dd722020503218f9132fa6ff1c9b0f11c947ecb2
SHA512 663e1806e5db1e48d2a35aee197e54715b79169e5622698e0cc3679c8a6e2425cd85526b4c4a1eca0adbfd12c80fce653716cd2050fe26715d8157362e064f01

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegDLUTf\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

memory/2452-2087-0x0000000004030000-0x0000000004040000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiles5pBMc\prefs.js

MD5 0b3cddbc2a2aac0a32a1d3dafb3a1784
SHA1 afbb425ed1ec94b84488c651702bb5cd5b8494cf
SHA256 e61887f67c9f6556f58e5b2d774f8e2b91ed9cc10737f1e3ceb07e19d0952cb6
SHA512 61514b41f83a965e8b3b16ecceb316803f4614f34c389148ad69ae84e1bdab05431b89e648865ffb3a972cfff6ac2a85ca0a077ccf72cff82df3b60a6283def8

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiles5pBMc\prefs-1.js

MD5 0dc88673f6151831b1cd5e21f40ad4ba
SHA1 c9738ba7169b26cf1ebcf7a9f0d2c2b90be28ac2
SHA256 e99ea09dc652e0ff53ee7c0a799e06322c9c00b59c7fd3e386eccc0296f65d9e
SHA512 eac7c8ca4bd48afb67891878b195122a25c89d7799b7c53e4d77235f4fd107316f293c97f4def6cc48f7ce6914c90e9333a9156968a5db515e8b12fd703d05c2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiles5pBMc\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiles5pBMc\prefs-1.js

MD5 196f9a127146ae886eccce0c4ea7d02c
SHA1 7667b458ebf0fb27e7cff69d50049293edb59089
SHA256 69c33074340c6f7cf734726c66e2af588a83af005d916df2eabc91d506660bdc
SHA512 ca61ed8e05e20c05195fb542ae8fc08b3f04dcdab6520ad1070bc021f6b67fd3d22ba580de4b3f42a8ffe03a835502e5c4b2a116489e71d8a97d355a1322d67c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiles5pBMc\prefs-1.js

MD5 de992079ea613f37622948737489c3c4
SHA1 1dec68d38e53589017f8671125b90fc944728a0d
SHA256 c88432b470236211f245b40663fcee0bdeb8451b4080f87c4f7b0801a60637e0
SHA512 9b006f1f1332ca05ae306c220c44b8c8e9fb1fe49c64d11266b286c34a9eb8254bd9ae62ac18a65d6a9dd34d64c0e26a40f626f5574db179f35322b03580e9d4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKGwvoB\compatibility.ini

MD5 11c707e7138da6b886c59877a2858f7b
SHA1 1882fc268552c6056d21eb8954e83fe2e8844b31
SHA256 8ce9056efc9b3a94d0a0c936f94ce839a038bd27ee4c495f0abe5333522a643d
SHA512 02a1d9b55279c4b61fc9658e948bc3e2623e881bc3450a0a67c13c82acc70f07d51214b24cc9f05454685f8ef430fbbec8d52a93a353bf259cdb1d0c00d108e7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKGwvoB\WebDriverBiDiServer.json

MD5 b9f0a646a56a46ea99f40b7b2909b3f1
SHA1 3f2e6a2831d9215a9eab951bdd4f69adafc0fbb9
SHA256 a34e663ab4f98b7e468ff0e88330ad94400d7ec8fddcfea2402bfa09d70d9cfa
SHA512 2496616160696a57b17f45808d8484ebbd636c76c6d259ad7c2909f5751c43964200663521cdd6d1e3df837b07d3036cdd7c0e16b8ec1d69ae5cdc9310abaf98

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKGwvoB\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKGwvoB\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 a22a8cfbaaa9885a17726e30d5e0c467
SHA1 68d0998d40d88a20e3e1abd0600d78c3cbe5d5ab
SHA256 c10b6ee038dab80a13131c24a00dbd8d5b9cba4bcca5feefa5e86f53f357cadf
SHA512 de76c69d8d080b1cb3dd22913e091eef9f41f75068b49739f01287d8c079c0a7c1227056403af8fe0521b570b9268f8d9d84f0d47e7bb4ca323205658cede8b8

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKGwvoB\prefs-1.js

MD5 39d89ecfa235ac7b003dc83f0f0a2a75
SHA1 dceb32294f24cd08ab708e4a5f1bb10b143aa478
SHA256 3731fc03a9e031681704a04c5fadbdb17707fac3d886fbcfc1ee3233484f2beb
SHA512 d097c01115dbeb3903d06ddb8bd9616646384b0697feb58a905abed6770359ce133001b462b5e12924951664d4e05ed73cba742c3a26780c36c997283ad3d04a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKGwvoB\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKGwvoB\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileN4vOiO\prefs.js

MD5 1c4319da982da0fa8092d46cabe816e6
SHA1 59203bd4409d0b5e837c8b964c2c832106b451f9
SHA256 3d6466fad329dd7ab452a008d180a3fdc4df983d3f453c8b69d3d71996ef1d09
SHA512 f02afe499595417ab6cbe601f7e9e9f6a92fdca8f189417eedd230d97b5aaf24c80bfc5128d33d5d6f9be06e9b14b2fcdba79ddcd7ae873a28661b9fa70a1d8f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileN4vOiO\datareporting\glean\db\data.safe.tmp

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileN4vOiO\prefs.js

MD5 d403eaa99ff19d26ac383e4d9b2383ae
SHA1 c3ed1020e91d09cbf43618ed3b45e55397ab02f4
SHA256 ce5dd31993f3da03fcd7e66e71563c7dc6b4da8eb612ed13516af727ded06a86
SHA512 9224366d39927586c85697ea86726176b1856fb63aada64197cff9edd6ec8a2473a482b52ef2badee685e8e125cd69024519ad2791426fa78b0939eabb8b524c

memory/3916-3308-0x000000000C050000-0x000000000C060000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileN4vOiO\prefs-1.js

MD5 d847bb711530df544ea0491b8feeedff
SHA1 c57d9284cc8f330b2b3451baf9203e5eae2cd1ff
SHA256 b107cd83f42d0fac1a98eac4d73cc43216ddcf544c1eb9993ce72c875de98ea3
SHA512 a7250d7f4f4799fd1feeaa45c0e16c8c6059edf8bb4e1c81bca70ec73b71236031eea450b0894cc53258f6fd90eff2911ecf4d1d8a99ad017f2c5b46f65e7404

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileN4vOiO\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

memory/948-3725-0x00000000040B0000-0x00000000040C0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefOUPaw\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefOUPaw\prefs-1.js

MD5 9f1e08be60f03aebf4c77bafa7fd2598
SHA1 740641d32b16d573fa5df3ab1546fc09821818c3
SHA256 0185c95ae09108a5b5fceceab0448347304bb17f610dbc42ea5713f867b33e9a
SHA512 5e6396e5301c3013b40dae4fef19e36fc1c0bd5ab9a1175b642851436e1b1edc82e565655cfd9c9f4f82026e75abe0fc4f1f1002ed5fc6d84ea47da3e0831558

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefOUPaw\prefs-1.js

MD5 4a27c0fb391ab99db3239933fcf1c7ae
SHA1 77b2fe5d2ff50fe86c47cdab4130890a5c098110
SHA256 2e971969c6a6e380e26e61b9523701af82ff27af41159e50e1a41196e3674110
SHA512 76ad7ce8c795b78721e5ec25a8dafe9b8db994ecdae7992525d714033ec26cc510dd5651f514fd6a6c9f3ab4fd735f1d0bf6136e10a92c0c3dd5d677a3b098e6

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-09 01:00

Reported

2024-05-09 01:08

Platform

win10v2004-20240426-en

Max time kernel

300s

Max time network

309s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16162\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1616 wrote to memory of 4456 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 4456 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4456 wrote to memory of 324 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1740 wrote to memory of 4708 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4456 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI16162\geckodriver.exe
PID 1964 wrote to memory of 4120 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16162\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe
PID 4120 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe
PID 2668 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI16162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI16162\geckodriver.exe --port 54314 --websocket-port 54315

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 54315 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZfURNh

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 54315 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZfURNh

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2668.0.57647039\1553526125" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {92ff02f1-2480-4c79-82f8-1343f2207c37} 2668 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2668.1.1346534005\1070426772" -childID 1 -isForBrowser -prefsHandle 2488 -prefMapHandle 2692 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {acd996e2-f7ad-477d-8941-aaab4d0a9814} 2668 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2668.2.1466370610\1179286131" -childID 2 -isForBrowser -prefsHandle 3160 -prefMapHandle 3156 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {f9597c9b-cb2c-4d4b-83fb-14b249e1d102} 2668 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2668.3.1098233341\836951755" -childID 3 -isForBrowser -prefsHandle 3408 -prefMapHandle 2540 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {ba403b65-a2a1-4cfb-b39f-a14e106d46f1} 2668 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2668.4.744078185\960695742" -childID 4 -isForBrowser -prefsHandle 3836 -prefMapHandle 3848 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {db4384e5-d1b8-4bd9-8f7e-9705d02da9a2} 2668 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2668.5.1880503092\878736937" -childID 5 -isForBrowser -prefsHandle 3992 -prefMapHandle 3988 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {b1b4f914-28a7-4f5b-832a-8aed572f6443} 2668 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2668.6.203111136\335650948" -childID 6 -isForBrowser -prefsHandle 3972 -prefMapHandle 3976 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\browser" - {d106af40-cacf-46d7-80aa-3bf6894f3fd3} 2668 tab


Network


Files

C:\Users\Admin\AppData\Local\Temp\_MEI16162\python38.dll

MD5 9e22a213eb2d5d9727763e0f15d74894
SHA1 b3443ea96194879ce1d0600f1e4671877814e95a
SHA256 784876f6320f53755b6204bbdcdfa056fe0a4c742f0ef4bcc7acb08df51dbb46
SHA512 4cf6f2f353d74f17aaf0522b6c641dc2607b95ebcd5fab8e9ce9611203c6f46f6479562d014ccbc56dae091a909f390f0b11d4b358c27eab49604450d90b99ea

C:\Users\Admin\AppData\Local\Temp\_MEI16162\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI16162\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI16162\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI16162\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI16162\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI16162\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI16162\unicodedata.pyd

MD5 d76314cf65664a923e29ab5023d2bee1
SHA1 d127d4e578daed8fbc18ed2fe7fc583dd85b78d5
SHA256 99846f419afbfeb343b5b4d28bf2eddd26f34273796f71fba80fd9223744e700
SHA512 e40d59ca0ac4d4f732a631f0836449e01c682fc107848ad62945c6b070549c85979ae65ef75ae93dd9de603f62120e109ce5271a0d047edef42b03bd8496a5c3

C:\Users\Admin\AppData\Local\Temp\_MEI16162\top-1m.csv

MD5 e332a31381c6ca9db2b50f1ce430d38d
SHA1 f89de1dc4757367477344ec569983fa8004de7fc
SHA256 499a94f6ff83bcd4389e3e590c146a19a51a10dd4c12f077e7510aa209a5bc0e
SHA512 d7f14f04fc25fe85a3981eefca46a6bfeed806447a9c443347572b9a7dd5e8ab038c77e07f4413190b5e4ad0286d7d83860bc51ed516a29f962df80973005ca9

C:\Users\Admin\AppData\Local\Temp\_MEI16162\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI16162\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI16162\libcrypto-1_1.dll

MD5 78f7f01391d3b2e4449b299512a2506d
SHA1 a282b3b8b05d886a3a936550c4ef81c519f875ba
SHA256 657dcbfe240b176f6306055c4631ed9c1567b08fdbef44bf739ac2d3a3afa392
SHA512 12ed0f3a92248fa3621eaa7d9c103c11fe1efb13465a6fbb5579e6774ecdd8dff9852e16c5463fb7e5d2d439307291481620a104e772738e23a44281b49e1ddb

C:\Users\Admin\AppData\Local\Temp\_MEI16162\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI16162\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI16162\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI16162\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 dff7c11471a2f55c9dcdbffacbdd24e6
SHA1 a86bf99113b0118aaeca6ff79a53d2b1a68b85a8
SHA256 88a08a38f16810abfce451d234a6e02bf61a808bce1a897b6dbc399d0e1a90f5
SHA512 f56698f649e4b688dcc2bd4b4f573bcf5ef4a5464290f82766e5bfe35c9f85ca2d619f6800b86356c31b9d4875d8e46909a07166593da8cca5f612069d836b48

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 486fe872808014e51f75515c56a40cb6
SHA1 e7fa97e2e174aaa9badd0a04818364a9083874be
SHA256 90f55bbc9ddc538491475502e381a01c26472773900c41c1db19bc89860f6a08
SHA512 f2b0cb9a683e3e19d995040339660da9f2903dff885fba6f5a76adf7113e4d0789aeb295b4a33905615bd9efb8c733ad8cb349af6ba8015e0013546aea91ee8a

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2


C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2


C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json


C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4


C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js


C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json


C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json


C:\Users\Admin\AppData\Local\Temp\tmp3911qhcw\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi


C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json


C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin


C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini


C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4


C:\Users\Admin\AppData\Local\Temp\_MEI16162\pyexpat.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI16162\nss3.dll


C:\Users\Admin\AppData\Local\Temp\_MEI16162\mozglue.dll


C:\Users\Admin\AppData\Local\Temp\_MEI16162\mozavutil.dll


C:\Users\Admin\AppData\Local\Temp\_MEI16162\libssl-1_1.dll


C:\Users\Admin\AppData\Local\Temp\_MEI16162\libcrypto-1_1.dll


C:\Users\Admin\AppData\Local\Temp\_MEI16162\lgpllibs.dll


C:\Users\Admin\AppData\Local\Temp\_MEI16162\geckodriver.exe


C:\Users\Admin\AppData\Local\Temp\_MEI16162\_lzma.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI16162\unicodedata.pyd


C:\Users\Admin\AppData\Local\Temp\tmp3911qhcw\webdriver-py-profilecopy\favicons.sqlite


C:\Users\Admin\AppData\Local\Temp\tmp3911qhcw\webdriver-py-profilecopy\places.sqlite


C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp


C:\Users\Admin\AppData\Local\Temp\_MEI16162\Tor Browser\Browser\firefox.exe


C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZfURNh\extensions.json


C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZfURNh\prefs.js


C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZfURNh\prefs-1.js


C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new


C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVl34K5\sessionCheckpoints.json


C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVl34K5\prefs.js


C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVl34K5\extension-preferences.json


C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVl34K5\startupCache\webext.sc.lz4


C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVl34K5\prefs-1.js


C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVl34K5\xulstore.json


C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesSpftJ\user.js


C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesSpftJ\prefs.js


C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesSpftJ\sessionCheckpoints.json.tmp


C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesSpftJ\prefs-1.js


C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesSpftJ\datareporting\glean\db\data.safe.tmp


C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesSpftJ\startupCache\scriptCache-child-new.bin


C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenGwArA\datareporting\glean\db\data.safe.tmp


C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenGwArA\prefs-1.js


C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenGwArA\broadcast-listeners.json


C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0tGDni\compatibility.ini


C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0tGDni\WebDriverBiDiServer.json


C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0tGDni\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite


C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0tGDni\prefs-1.js


Analysis: behavioral5

Detonation Overview

Submitted

2024-05-09 01:00

Reported

2024-05-09 01:08

Platform

win11-20240508-en

Max time kernel

300s

Max time network

308s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14602\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1460 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 3316 wrote to memory of 720 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3316 wrote to memory of 5036 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 720 wrote to memory of 3416 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3316 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI14602\geckodriver.exe
PID 1636 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14602\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe
PID 2316 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe
PID 2612 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14602\geckodriver.exe --port 50019 --websocket-port 50020

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50020 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAzov6R

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50020 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAzov6R

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2612.0.1610946176\1178069968" -parentBuildID 20240416150000 -prefsHandle 1672 -prefMapHandle 1664 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {edb5d363-1c88-42c7-9b1a-762169954b27} 2612 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2612.1.108301972\2056678122" -childID 1 -isForBrowser -prefsHandle 2368 -prefMapHandle 2732 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {f76ca905-67da-49db-898b-e4ffc460da01} 2612 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2612.2.1451022023\391567616" -childID 2 -isForBrowser -prefsHandle 3116 -prefMapHandle 3112 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {956cae35-ec38-4ab2-8914-d6113f5e27b9} 2612 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2612.3.1217878982\311145332" -childID 3 -isForBrowser -prefsHandle 3528 -prefMapHandle 3524 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {4d6ef5af-5758-46ea-9804-b77f57aba73a} 2612 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2612.4.1098691409\69700" -childID 4 -isForBrowser -prefsHandle 3368 -prefMapHandle 3508 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {b4f5dfc2-f77e-4753-b176-8099251c7ea6} 2612 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2612.5.1411789016\1673627977" -childID 5 -isForBrowser -prefsHandle 3952 -prefMapHandle 3956 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {789d0827-ed43-4e35-b285-2d04422eda24} 2612 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2612.6.1357633639\1609047021" -childID 6 -isForBrowser -prefsHandle 4140 -prefMapHandle 4144 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {86004592-1fd2-4de5-8d27-cd3eafcb35fe} 2612 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2612.8.2096872987\1333513908" -childID 8 -isForBrowser -prefsHandle 7944 -prefMapHandle 8112 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {a832b273-9825-4d4d-b3a1-94921dc6198f} 2612 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2612.9.1937938438\1164658587" -childID 9 -isForBrowser -prefsHandle 7700 -prefMapHandle 7704 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {d37e0b52-f69a-450b-8317-351701245e18} 2612 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2612.10.818876573\295429156" -childID 10 -isForBrowser -prefsHandle 7504 -prefMapHandle 7508 -prefsLen 25535 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {3599f8b4-f732-41dc-ac1e-5cf5b998e8d6} 2612 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2612.11.959369485\37271803" -childID 11 -isForBrowser -prefsHandle 8080 -prefMapHandle 7344 -prefsLen 25535 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {84903360-2c04-4b6d-a5e4-e7197ee99cf0} 2612 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2612.12.310363603\848004736" -childID 12 -isForBrowser -prefsHandle 3924 -prefMapHandle 4008 -prefsLen 25535 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {f332d530-24be-4468-a7e9-9e34552ec68a} 2612 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2612.13.1607675592\1086176969" -childID 13 -isForBrowser -prefsHandle 7216 -prefMapHandle 7052 -prefsLen 25535 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {eb6a2183-f888-4533-b415-e191c6d98ce2} 2612 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14602\geckodriver.exe --port 50019 --websocket-port 50020

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50020 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaU0u80

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50020 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaU0u80

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="840.0.2013406537\1890917009" -parentBuildID 20240416150000 -prefsHandle 1720 -prefMapHandle 1712 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {3a0d7021-1734-4ed5-9ecc-315f9460966e} 840 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="840.1.1497978659\1696784329" -childID 1 -isForBrowser -prefsHandle 2572 -prefMapHandle 2568 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {491dd8f9-266f-453c-b0f2-be251ee6e43e} 840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="840.2.2060054460\254263614" -childID 2 -isForBrowser -prefsHandle 3096 -prefMapHandle 3092 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {41436c83-397b-441b-9168-d4095a0d5681} 840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="840.3.2129441498\1707562452" -childID 3 -isForBrowser -prefsHandle 3396 -prefMapHandle 3380 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {3e6ef231-4ce8-47e2-8159-3aa9e37751f5} 840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="840.4.1263578679\1066294820" -childID 4 -isForBrowser -prefsHandle 3756 -prefMapHandle 3788 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {ce04a77f-f2ee-4eab-afb3-2fdc3ec91475} 840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="840.5.1532792994\1233210231" -childID 5 -isForBrowser -prefsHandle 3932 -prefMapHandle 3936 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {cf32b775-5d3d-46f2-ace2-a82346742a1e} 840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="840.6.99331224\1766907150" -childID 6 -isForBrowser -prefsHandle 4100 -prefMapHandle 4104 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {948c7ed9-5c19-40a7-9e7a-0ac5b93b53de} 840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="840.7.416316574\1238213392" -childID 7 -isForBrowser -prefsHandle 4468 -prefMapHandle 4460 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {379eed76-8e37-494a-99ae-3674af146fb9} 840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14602\geckodriver.exe --port 50019 --websocket-port 50020

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50020 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileG7lPEN

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50020 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileG7lPEN

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4876.0.2082097378\620051174" -parentBuildID 20240416150000 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {e99f0dad-ae1f-4322-bdb8-cb2e22d3d36d} 4876 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4876.1.652428706\880644925" -childID 1 -isForBrowser -prefsHandle 2564 -prefMapHandle 2344 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {90609f3a-9a5d-4312-b5b1-206e2ccd700f} 4876 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4876.2.1707869263\151913113" -childID 2 -isForBrowser -prefsHandle 3108 -prefMapHandle 2648 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {b63317dd-921a-47fc-8aac-15a756440442} 4876 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4876.3.786163250\1397944026" -childID 3 -isForBrowser -prefsHandle 3668 -prefMapHandle 3584 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {94c6b3b9-cec2-44e9-9f00-8415ddd03685} 4876 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4876.4.318561620\582156271" -childID 4 -isForBrowser -prefsHandle 3792 -prefMapHandle 3788 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {5beaa651-88cb-486b-94d5-974304eaf0f2} 4876 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4876.5.1759493601\1890714390" -childID 5 -isForBrowser -prefsHandle 4028 -prefMapHandle 4024 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {7ba19db2-7d70-4b5a-8d2c-2e7ccf75728d} 4876 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4876.6.115604259\249977536" -childID 6 -isForBrowser -prefsHandle 4132 -prefMapHandle 4136 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {264a2f00-6404-4259-86b4-3fd0737773e7} 4876 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4876.7.774505221\566428415" -childID 7 -isForBrowser -prefsHandle 4532 -prefMapHandle 4536 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {13c17448-124c-4ee1-9508-a70c70bce76f} 4876 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14602\geckodriver.exe --port 50019 --websocket-port 50020

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50020 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekfI5lW

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50020 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekfI5lW

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2232.0.433715461\1340126048" -parentBuildID 20240416150000 -prefsHandle 1684 -prefMapHandle 1352 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {5a94e578-8750-45e3-b723-06d15d8fb372} 2232 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2232.1.874457763\559352935" -childID 1 -isForBrowser -prefsHandle 2756 -prefMapHandle 2752 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {48228ccc-cbcc-47af-b341-925c44795c1e} 2232 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2232.2.131030043\1946049685" -childID 2 -isForBrowser -prefsHandle 3048 -prefMapHandle 3068 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {402fceb0-3da7-47be-92f5-1544209e8cec} 2232 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2232.3.734119618\917929150" -childID 3 -isForBrowser -prefsHandle 3216 -prefMapHandle 3236 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {5efef19d-3204-4816-9bac-4b1b7d81caec} 2232 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2232.4.988224528\2030310041" -childID 4 -isForBrowser -prefsHandle 3320 -prefMapHandle 3388 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {49644e49-b33c-4e07-ae24-98a52a25c2a2} 2232 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2232.5.43369122\740212511" -childID 5 -isForBrowser -prefsHandle 3380 -prefMapHandle 3256 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {484adfb6-41fe-4df9-8575-d57899b5c42e} 2232 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2232.6.1917187926\428625005" -childID 6 -isForBrowser -prefsHandle 1552 -prefMapHandle 4048 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {a955d268-83d1-44c8-8aff-81b03bbb1832} 2232 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14602\geckodriver.exe --port 50019 --websocket-port 50020

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50020 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegu7qCm

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50020 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegu7qCm

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="356.0.17787333\1128873175" -parentBuildID 20240416150000 -prefsHandle 1696 -prefMapHandle 1688 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {978fcb64-fe22-4cf5-a365-bd6ec827fb0f} 356 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="356.1.993038181\2107292563" -childID 1 -isForBrowser -prefsHandle 3080 -prefMapHandle 2468 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {c920c27b-cc89-4ea8-b1ea-393b138d519a} 356 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="356.2.976728005\1216948571" -childID 2 -isForBrowser -prefsHandle 2604 -prefMapHandle 2600 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {f1688993-1657-4e5e-ace7-19e6755424fd} 356 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="356.3.1269154241\1723830753" -childID 3 -isForBrowser -prefsHandle 3320 -prefMapHandle 3452 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {7ad8b9cf-5576-4f38-8e47-1da508614fb6} 356 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="356.4.571379296\218993780" -childID 4 -isForBrowser -prefsHandle 3432 -prefMapHandle 3720 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {301181e1-fc74-474f-a064-bf2cad40cfbc} 356 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="356.5.1406071207\1384075479" -childID 5 -isForBrowser -prefsHandle 3948 -prefMapHandle 3952 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {62e70e43-c1f8-40b8-aff5-b72b64895908} 356 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="356.6.925346213\1520117564" -childID 6 -isForBrowser -prefsHandle 4144 -prefMapHandle 4148 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {c452c626-072c-435c-8716-cced45266c9d} 356 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe" -contentproc --channel="356.7.57528493\1939984474" -childID 7 -isForBrowser -prefsHandle 4184 -prefMapHandle 4000 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\browser" - {10dd20d7-8aa9-4096-9d1e-f919adbf49fd} 356 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14602\geckodriver.exe --port 50019 --websocket-port 50020

Network


Files

C:\Users\Admin\AppData\Local\Temp\_MEI14602\python38.dll


C:\Users\Admin\AppData\Local\Temp\_MEI14602\VCRUNTIME140.dll


C:\Users\Admin\AppData\Local\Temp\_MEI14602\base_library.zip


C:\Users\Admin\AppData\Local\Temp\_MEI14602\_ctypes.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI14602\libffi-7.dll


C:\Users\Admin\AppData\Local\Temp\_MEI14602\_bz2.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI14602\_lzma.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI14602\select.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI14602\pyexpat.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI14602\nss3.dll


C:\Users\Admin\AppData\Local\Temp\_MEI14602\mozglue.dll


C:\Users\Admin\AppData\Local\Temp\_MEI14602\mozavutil.dll


C:\Users\Admin\AppData\Local\Temp\_MEI14602\libssl-1_1.dll


C:\Users\Admin\AppData\Local\Temp\_MEI14602\libcrypto-1_1.dll


C:\Users\Admin\AppData\Local\Temp\_MEI14602\lgpllibs.dll


C:\Users\Admin\AppData\Local\Temp\_MEI14602\geckodriver.exe


C:\Users\Admin\AppData\Local\Temp\_MEI14602\unicodedata.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI14602\_queue.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI14602\_ssl.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI14602\_socket.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI14602\_hashlib.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI14602\top-1m.csv


C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json


C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json


C:\Users\Admin\AppData\Local\Temp\tmpno64tpsg\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi


C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json


C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus

MD5 d262b8dc568b34fa0a37e37335db737a
SHA1 477338dfa2a841eaadcdeadb210ed0e9e419241f
SHA256 b11b2168de48ecb6a5daec15e1d8eebc52fa4597d174d3a55a930466f665b0ed
SHA512 ae2b0b4477d7d61c2ccbc948041e79407a140919da3dae63486e47b30ed9c041519bd3ce3cee62bc3c2ed780650abb8c54002c4197c6611af512f39da8e56f64

C:\Users\Admin\AppData\Local\Temp\_MEI14602\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/884-493-0x00007FFF80AB0000-0x00007FFF80AB1000-memory.dmp

memory/884-492-0x00007FFF81A60000-0x00007FFF81A61000-memory.dmp

memory/2408-526-0x000001AF3B400000-0x000001AF3B778000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAzov6R\extensions.json

MD5 617a51d51ad48c77e006321c8db97b14
SHA1 eda27b6a28ccf6c102868b1402b68f17784993a6
SHA256 761bbddee3d2bdb469d7f4b36f5322a0695e96e7b0b51d7a85ab99a4e6d5a5e2
SHA512 0e6b5df107d3defa416f91e84b0972c800dbe1a3172a9d064448bbb57f238b018e1d73f166b0cc1eacb57b59befb6484d5c1c3932bd56c550ff7358966e5806d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAzov6R\prefs.js

MD5 c7cee41d5bf511ab19f42111a7d94c32
SHA1 317d9e4a0ab612e97b9711b3e1b25a7f8940032c
SHA256 ffea74d2d2d14a3ac17f06a1e30122c67847fc7ebbc5258666d90ba01779f261
SHA512 fc27d359bf5e8d8a2a7c05f312c971a3ac5f8e1c4eae38ffae50ea5bfcb8c2e8fb1b7b4d15acb3344af60568deac0af4830ffaf67b030ee557bf39b7acb6dd74

memory/2612-596-0x000002A3E97F0000-0x000002A3E9960000-memory.dmp

memory/3060-605-0x0000017B23A00000-0x0000017B23D78000-memory.dmp

memory/884-604-0x000002D1B9100000-0x000002D1B9478000-memory.dmp

memory/3544-610-0x000001DDA8300000-0x000001DDA8678000-memory.dmp

memory/2212-611-0x0000027A66A00000-0x0000027A66D78000-memory.dmp

memory/3560-609-0x000001DB21100000-0x000001DB21478000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAzov6R\prefs.js

MD5 c65720d1d5f1afcfc00fd4f3da061d7d
SHA1 6c75535131f278bf88396d27e0ef225644d5b1c1
SHA256 2dddc955ae3c6d13c6b2d18cf5a66db83162c9a818ff6b7f0a0086f0d2d41bcb
SHA512 1ff2018ac85cb2aaa0427555c333c9897ccb61a19c9eb7c9f1e9196e3e5d5b57753044e1c0f86789eee28a1193be96f4b0ebd03c2b0fa371bcf61d8dd6a1fcd2

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 8e3a36611d3517a605895f3f0b94e164
SHA1 b9e5397c612c275a5e7b35cf64c82298bb0139fe
SHA256 f25a9c8127d1b125c97c166bc45b667522680b0c10b2c76239c4fab1432b3f60
SHA512 a5d29f63e86055a4340ea65ce6bad080316eeff97cee09161412e968108f176014f41ca8ab745a4456f66cbfe8fe7301c82cb097954dcdecacd56965d6cfe592

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAzov6R\prefs-1.js

MD5 fc9ed827d1efe56d31f04383555a8807
SHA1 b5604f1d80de849f28d8198e6693c152b8d799ca
SHA256 0b107e77e3f17e02fe9c3e99d0445f2e8d6427644b970a5ed7e3a9ac5d1ca015
SHA512 c6f3cb9dc5852f4baf598cb7816d51ea0edcf597bb8af5c1aa60feb1feb28603ab0df08dd13486965a3bb6c5111170f7510b5646ef360c360a1129a0ac444fe9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaU0u80\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaU0u80\prefs-1.js

MD5 95ec6321db553316a54904229c4758d8
SHA1 9a63ff6d7cb5cee237d1e66afddc42e71ccd70cd
SHA256 340e866e9b408a4f324340c4e7ac5357ed28552dbf5c6e64affbb1d6743dc836
SHA512 dd73d0819d6458fe90bad236dd428de9c86c2f33e2d7105d503697ccdf28e02f97675bfb82a2de8ad18b14d468c2938b3f75602e5e19be8261326828a92cb8a4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaU0u80\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaU0u80\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaU0u80\startupCache\webext.sc.lz4

MD5 65eb708203e6d2f6e4867bd0bc9ab730
SHA1 49c5e0b686ced43d18f6dbff1837630b9985bb9a
SHA256 a0a721b95b0ae693bc57ab73e8b3aa3e954271931e2d07428df9a5406d3d1e27
SHA512 9bbd41ff2076b97edd89e58cf4b106e1baa6783ed4be83f1dad36a10f2dfd06314b2c0a48a0a9aa72c62832bcecc7dc189496e8ec39474d35e7582aa2179d7ef

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaU0u80\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaU0u80\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaU0u80\prefs-1.js

MD5 9b8c902b243a45a433e035645a464a8b
SHA1 1b3297dbab2dbf21b632aac58bc85f0ff980eace
SHA256 c15f7086aa5b8f731aa3ae707bf5efffb156ee06322afd0aa974fe2c90d1e87f
SHA512 013cb3f79392a19f9c2315f8cd3d0cf2d76caa53e9a4edf0a97e9398ee268ce8ccb15caa05d28dea43143bd3a3f8e34bf383099357aa2e4446a59fb3428f8afe

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaU0u80\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaU0u80\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaU0u80\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileG7lPEN\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileG7lPEN\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileG7lPEN\prefs-1.js

MD5 2aa552193d7b9f928fa3699042a4cd9d
SHA1 c9800c77ff78f9471e2d3132b598aa37ef8e5a8a
SHA256 9d149c1a070a7caf3b725961d590373fa69a8639f4d2207d65d725b9d1aa2980
SHA512 a5f7ae0d71f9633952674730829678e38ff6175c6caf0e3835f7afc86b399b8c6994ccb1ae36f2c67de92cc7b6bdc6299c59b17206bea937b68ee680a1919262

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileG7lPEN\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileG7lPEN\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekfI5lW\prefs.js

MD5 b450b85c8388c28f57d86e96f3dbc2fc
SHA1 19310f8d6d5c11caba626833423dd5d5e63bd1b7
SHA256 b56d729c71b24946849931d6a9fc956a2f406b73e379ccef857a290d0d2e4e0b
SHA512 97d344eec64de1bd1b4d53db1e1d47bed8191b971dd7e218278a77c4f0cb5e8b7c8931c8432af9bfe4209ce0f6f21c311e0bce099a6a102e4f14c5ee0e810960

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegu7qCm\compatibility.ini

MD5 6688f7e3219fed8926d4d944b5f6add3
SHA1 975ee4df6bb5a45b3276383d244e813881d2fe46
SHA256 aa00deb6efc62285f4021b3bb5e7981fbceb73bbfccf7d9981a972d09aabbb34
SHA512 39387eea0bdaa2cc0b2075db2c908382783339ec0edfc32645f9c39367918f451bc7cb87db675aaa8d98c9f9b9dc386300353963bdd1c69717e5a0f96810033d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegu7qCm\WebDriverBiDiServer.json

MD5 13b5bb012e3ea3e6420bee8128af34ca
SHA1 0032f946e04b0d0a98392f8e9d6e942518ea92af
SHA256 9f4344aa092e3255f4143193b3adc8076c00feb2ddf46550f0f7b7616b8b0610
SHA512 f5e5b11bdd070643f723e7f103726684b7c81f9c09974e8032bc0ffcc922665a1c11916b01b969f86be8fc6900618fd8e273b78997724794539560e546dbebbc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegu7qCm\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegu7qCm\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 ae586df7b229c79276b5c65448aefdc5
SHA1 ecfa6f36e54d03ba7dc4b5f4084db57fd890b246
SHA256 485eec37b4349c63f551bc8ae5ee7437af8ce5db97629ceaeecf77a1f51a9fa8
SHA512 3f95b6e90850cf7b97e501d05fc7de407b2f6d52cb894b0e91f06671f7975c8834e3052ee7db71ce99121eaf3334a3ce83ccd24652fe953893a78c3a63e2b55e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegu7qCm\prefs-1.js

MD5 1fee47d03e284b9b29903298403117f4
SHA1 27bb5bac1b95ae545c63c905418c674dc2b1cddb
SHA256 22f6d23b34fcd6d6daeda042a51288f24bdf22e29a5b3d49d0045dfc179ea21e
SHA512 71528a0585d72929573df35164999607c56434d56b4e936a16b930e93d836c5ea371da31592591c510a3d6dd22c4f71a4611dd86ff8d9224fcefa47129c14bc9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegu7qCm\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegu7qCm\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegu7qCm\prefs-1.js

MD5 ec20a787310dd3dc0a7f0f8a2a75edb7
SHA1 536a2fc66a0fc2792da41f8e6dcb07acb0cd5604
SHA256 223cec12c0cfbb8b672cdaacfc36493ce9325686932ac013897b1a265e2f0c23
SHA512 b64f2e446c9202df531c8abed01709e306e6b65457d73c2996188638a72dd26ab316da3279d2fa3d942d4916abd938dc739f3d535d2f1c2408855da5ee9e782b