Malware Analysis Report

2025-06-15 20:36

Sample ID 240509-bc6xpsca27
Target heavy.exe
SHA256 88093c75834d60df3b4b6f4df642bb28dc749f4bd562f587fa8f9e30e97d3c5c
Tags
evasion trojan pyinstaller
score
7/10

Analysis Overview

score
7/10

SHA256

88093c75834d60df3b4b6f4df642bb28dc749f4bd562f587fa8f9e30e97d3c5c

Threat Level: Shows suspicious behavior

The file heavy.exe shows suspicious behavior.

Malicious Activity Summary

evasion trojan pyinstaller

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Checks whether UAC is enabled

Enumerates physical storage devices

Detects Pyinstaller

Unsigned PE

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-09 01:02

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 01:00

Reported

2024-05-09 01:08

Platform

win10v2004-20240508-en

Max time kernel

300s

Max time network

287s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1748 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 3048 wrote to memory of 1828 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3048 wrote to memory of 1108 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1828 wrote to memory of 3524 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3048 wrote to memory of 4944 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe
PID 4944 wrote to memory of 4100 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 4100 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe
PID 1020 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe --port 59549 --websocket-port 59550

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 59550 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileotGt2X

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 59550 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileotGt2X

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1020.0.899060060\1507288271" -parentBuildID 20240416150000 -prefsHandle 1660 -prefMapHandle 1652 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {e05d40cb-5dd2-4578-9f4f-67215fed9bc6} 1020 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1020.1.711656719\953118972" -childID 1 -isForBrowser -prefsHandle 2420 -prefMapHandle 2416 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {383900c6-e953-48eb-9da3-3a3f6d505814} 1020 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1020.2.1659964111\1769420488" -childID 2 -isForBrowser -prefsHandle 3160 -prefMapHandle 3156 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {5fdf4a33-3586-49c0-b97b-360a2a25d864} 1020 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1020.3.869596795\2021775116" -childID 3 -isForBrowser -prefsHandle 3296 -prefMapHandle 3712 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {78b2db7b-c99f-49ee-8655-3fd984c32507} 1020 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1020.4.311755833\1693633900" -childID 4 -isForBrowser -prefsHandle 3576 -prefMapHandle 3596 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {f2453d36-b0ad-43bf-8bd2-d62863cc9c51} 1020 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1020.5.1646283772\629964184" -childID 5 -isForBrowser -prefsHandle 3848 -prefMapHandle 3852 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {0f48e3a9-9740-4ee3-94d5-aab7765f8bdc} 1020 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1020.6.589507327\1806538141" -childID 6 -isForBrowser -prefsHandle 4024 -prefMapHandle 4028 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {aa6d3794-0d61-407f-89c6-675062cd89e4} 1020 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe --port 59549 --websocket-port 59550

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 59550 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCp6F2E

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 59550 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCp6F2E

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3704.0.602630351\2130355033" -parentBuildID 20240416150000 -prefsHandle 1732 -prefMapHandle 1724 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {9844538f-9b0f-49dd-b863-6c446f5b99a4} 3704 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3704.1.226108716\715880382" -childID 1 -isForBrowser -prefsHandle 2552 -prefMapHandle 2584 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1248 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {c2962a2c-3e2a-4e36-b31c-09ffa1427a20} 3704 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3704.2.557947873\2077984738" -childID 2 -isForBrowser -prefsHandle 3284 -prefMapHandle 3280 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1248 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {3988c027-330f-4752-9c3b-6983452b1c18} 3704 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3704.3.325908840\970048733" -childID 3 -isForBrowser -prefsHandle 3676 -prefMapHandle 3680 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1248 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {cd9f2294-459c-4782-a4bf-6d517d7cc609} 3704 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3704.4.598059460\950206030" -childID 4 -isForBrowser -prefsHandle 3612 -prefMapHandle 3608 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1248 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {dde92d99-8924-45f2-8053-6bc69e151f28} 3704 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3704.5.827613956\1384356026" -childID 5 -isForBrowser -prefsHandle 4020 -prefMapHandle 4016 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1248 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {d039c9f6-650c-485f-9c56-c5795b62be37} 3704 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3704.6.1793970917\240916137" -childID 6 -isForBrowser -prefsHandle 4216 -prefMapHandle 4212 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1248 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {83fb5b92-5b4a-444f-99f9-a54492df3fe8} 3704 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe --port 59549 --websocket-port 59550

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 59550 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSSt9VH

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 59550 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSSt9VH

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.0.2041244901\1691117740" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {c3a06e20-7888-44d7-ad83-170b94a9940b} 4880 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.1.203630278\1195527505" -childID 1 -isForBrowser -prefsHandle 2748 -prefMapHandle 2380 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {910b923c-068c-4cd4-b11d-dbc2e0334ce0} 4880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.2.378468931\1787710447" -childID 2 -isForBrowser -prefsHandle 3168 -prefMapHandle 3164 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {54d6c8cf-f7cf-4869-95d1-7d0e83683d7b} 4880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.3.1986495017\1896196666" -childID 3 -isForBrowser -prefsHandle 3280 -prefMapHandle 3268 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {8fcff22b-7adf-45a6-9952-8d8377df63c5} 4880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.4.1782171034\1205972319" -childID 4 -isForBrowser -prefsHandle 3420 -prefMapHandle 3428 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {c11df625-bda1-4f70-87c8-c37d5845e6b6} 4880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.5.1127765498\819231914" -childID 5 -isForBrowser -prefsHandle 3944 -prefMapHandle 3948 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {02c7265f-3869-458d-a859-0db0d6df7108} 4880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.6.765835795\437835535" -childID 6 -isForBrowser -prefsHandle 4108 -prefMapHandle 4112 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\browser" - {f0efb951-eb8b-4dc1-b55e-a389db923676} 4880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe --port 59549 --websocket-port 59550

Network

Files

C:\Users\Admin\AppData\Local\Temp\_MEI17482\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI17482\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI17482\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI17482\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI17482\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI17482\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI17482\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI17482\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI17482\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI17482\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI17482\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI17482\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI17482\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI17482\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI17482\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI17482\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI17482\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI17482\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI17482\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI17482\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI17482\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI17482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\tmpgl8zbmn1\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI17482\Tor Browser\Browser\firefox.exe

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileotGt2X\extensions.json

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileotGt2X\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileotGt2X\prefs-1.js

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCp6F2E\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCp6F2E\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCp6F2E\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCp6F2E\prefs.js

MD5 aff7f744e962dcef2c9066471a516eb4
SHA1 dea8ccc80c50f8af868b94b0df80bdcb64e2451c
SHA256 78e7d70ea229abb08d7f21a78eecd97eb3acfeca637580a21a60bbb25aeaf9fe
SHA512 354eadbe969c21e9fed862a6a18585b60c0a1ed03339e9e3c2afdc36952076187aec2893325ecb6615634110724bf39a38adf36f4e7b0392632cc730a281140d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCp6F2E\prefs-1.js

MD5 1634d8b877199cf6a80e255036266b79
SHA1 d9f1f0aa7ae033da96ab983c16a7c47e4269bf35
SHA256 dde7029d99999f453b9f0754d8dcb878b1089d2f97676e96e7394a090be2d774
SHA512 0cf4b55a199cd0e6b5f73f0075dac906eead36b7535d39f1e424d42a523d297eea034869093bab6e106cded9aeb502e4e8489b978b6de2c0c60513fe27ab5714

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCp6F2E\startupCache\webext.sc.lz4

MD5 b19ea7f2b8fd231d1c1ebf91353b5881
SHA1 71b65e92f8850700bf6b7ea1846518e2c53e09d5
SHA256 47fcd6a035757af8219af0065488bdc45da232b1b0f06d678f256e114da794b9
SHA512 9737bd769568596f3c9d4f5d61abcfeb8de0ed8b6fce3a5363ae5ae7b66deaecbc7b2b9cadcb0456232b6c0dfbd7d20238adb50298f51c4d3ea1364691720921

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCp6F2E\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCp6F2E\prefs-1.js

MD5 3ffdf28c0da6c4df8931b64c54401ddf
SHA1 dfd5bfe0a02ca9d5bb961eaa7d705e167605b64e
SHA256 8d2877e569deb088b9695cb9571d2e884801d1df130df5a2c94dd371536a8617
SHA512 82d6acd5dab888e97fbbaad5c61606c49c02d355e3e5e2397e632a3faaa9582ac424625175c5e6574eeac3108017abe33b3374c4cf8f03b1a3851612085eedd0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCp6F2E\sessionCheckpoints.json.tmp

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCp6F2E\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCp6F2E\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCp6F2E\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSSt9VH\user.js

MD5 4fd83fa69aa859fa4029a252d59017e6
SHA1 35214fb1b8c4d0b1e5e63058d91b37ea1798390d
SHA256 8aac124408d60101d9b54784abd65e82393ead4947ada3a00364391995d2ccd4
SHA512 34b638e2110aae548ae3482681a09dafc66cdc115046a6641697186c2c2803a699552a36f3ab60a540c220b008c96f4d507460fbcb05acaf6e7bb6b116722a3c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSSt9VH\prefs-1.js

MD5 2d1c50fbb4bf8af84955bde51f9dd9c5
SHA1 ce47f809a3826bb172a5124721ab57c17e316c36
SHA256 58be53b70214ddbbe6183c8b71c4534222fecc11ed59e118028074e4c54740f5
SHA512 5d93fdbc4aac9b86b9a3d1ee93475378effe011c5a5ecf80b6badeb943580af678a60d175f8d6442cb646df42a7dd5a798fea8be9a7c455a179b7d9845cd9895

memory/4880-1135-0x00000178C30C0000-0x00000178C30D0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSSt9VH\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSSt9VH\prefs.js

MD5 ae34eec36b8f0fada1c279b4bcdfa886
SHA1 a16ad611f4eb1ce753afd13cd44e83ca280f9dd8
SHA256 51252af03e54bf24884eb01a6804ffdfed5a11f2773b67df46b5da3530334afc
SHA512 7df4c7faf112c4a28ac6d6d3f36e4c55828e54d9758db6f97172d0f98ee6a679e8107ad97aaf42118f4c6b2c3c9313c6e79dafe45086d8f6a3641cbf9e5682c0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSSt9VH\prefs-1.js

MD5 67752eae780b06e4bb671931c26a08a8
SHA1 d9c0763847896a6aada0809a2a2cc9fbad16506c
SHA256 14bf90a9a50a8f2a20744f14049eacb794d3307b018a04f11bcd2ed949cd9f01
SHA512 f88b9bdb6d710595300833241d8d622e74014ccb8a53fc62d1b1aa1e5d914a531f4cb62fb02721df205bab2b8a8c8a6b545eda799e6ead3396b6bbf15bb8b3c2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSSt9VH\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSSt9VH\datareporting\glean\db\data.safe.tmp

MD5 7fba44cb533472c1e260d1f28892d86b
SHA1 727dce051fc511e000053952d568f77b538107bb
SHA256 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf
SHA512 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 01:00

Reported

2024-05-09 01:08

Platform

win10-20240404-en

Max time kernel

298s

Max time network

306s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49202\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4920 wrote to memory of 4448 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 4448 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4448 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1764 wrote to memory of 3200 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4448 wrote to memory of 596 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI49202\geckodriver.exe
PID 596 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49202\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe
PID 2324 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe
PID 4588 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI49202\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI49202\geckodriver.exe --port 50049 --websocket-port 50050

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50050 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1jFD51

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50050 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1jFD51

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4588.0.1780879908\1681638576" -parentBuildID 20240416150000 -prefsHandle 1488 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\browser" - {10245245-b1c0-40ca-90cd-1df75539862d} 4588 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4588.1.2109029932\1021602914" -childID 1 -isForBrowser -prefsHandle 2524 -prefMapHandle 2520 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\browser" - {64a7a232-3fe0-45af-b2c7-f2f2335b6f45} 4588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4588.2.1351925887\1253647799" -childID 2 -isForBrowser -prefsHandle 3076 -prefMapHandle 2956 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\browser" - {84fea109-5083-4e25-8118-7b2d163c58b3} 4588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4588.3.1173013970\2063559750" -childID 3 -isForBrowser -prefsHandle 3356 -prefMapHandle 3360 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\browser" - {00c7276d-ec8d-4588-a322-a45ff4b62a7a} 4588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4588.4.1351746923\1965352496" -childID 4 -isForBrowser -prefsHandle 1356 -prefMapHandle 3720 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\browser" - {de430c9f-ca2c-4f7c-9d1a-e4d37f41b8c4} 4588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4588.5.2121039162\1237585925" -childID 5 -isForBrowser -prefsHandle 3120 -prefMapHandle 3124 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\browser" - {64cea9b2-a6f2-46ed-9656-b40acbd7b5f1} 4588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe" -contentproc --channel="4588.6.960980232\42455566" -childID 6 -isForBrowser -prefsHandle 3172 -prefMapHandle 3812 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\browser" - {f9ea307a-d5bd-4e44-98c8-118d236b48d0} 4588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49202\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI49202\geckodriver.exe --port 50049 --websocket-port 50050

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50050 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSAAk2y

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50050 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSAAk2y

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe" -contentproc --channel="884.0.1828669668\2104744829" -parentBuildID 20240416150000 -prefsHandle 1472 -prefMapHandle 1416 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\browser" - {8645c2fa-d849-407d-9178-cd5ef45562ab} 884 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe" -contentproc --channel="884.1.1958772954\251414525" -childID 1 -isForBrowser -prefsHandle 2276 -prefMapHandle 2272 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\browser" - {a8a8a920-8bf8-4a1c-8633-d05ccc10758d} 884 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe" -contentproc --channel="884.2.1625194743\97797737" -childID 2 -isForBrowser -prefsHandle 2972 -prefMapHandle 2968 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\browser" - {5f4412e1-171d-49f7-865d-2ddaa0b86b4a} 884 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe" -contentproc --channel="884.3.1399146340\1237105287" -childID 3 -isForBrowser -prefsHandle 3572 -prefMapHandle 3576 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\browser" - {1490f5d2-61c8-417f-9fa5-372a286f0185} 884 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe" -contentproc --channel="884.4.393938409\1266411095" -childID 4 -isForBrowser -prefsHandle 3024 -prefMapHandle 3036 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\browser" - {b670d025-394d-4f85-9d20-59f2e46635f3} 884 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe" -contentproc --channel="884.5.1162789558\1429455311" -childID 5 -isForBrowser -prefsHandle 3000 -prefMapHandle 3172 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\browser" - {27b9d2d0-90e5-45d1-b371-ed3da6e293f1} 884 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe" -contentproc --channel="884.6.314233628\1824452201" -childID 6 -isForBrowser -prefsHandle 4004 -prefMapHandle 4008 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\browser" - {cc16e561-5a53-4b83-8cb8-739be853371a} 884 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe" -contentproc --channel="884.7.144552792\173015282" -childID 7 -isForBrowser -prefsHandle 4244 -prefMapHandle 4280 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\browser" - {e6d14960-0fa1-476e-846d-b823314ebd36} 884 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49202\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI49202\geckodriver.exe --port 50049 --websocket-port 50050

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50050 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilethJrj5

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50050 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilethJrj5

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe" -contentproc --channel="68.0.2100240384\646215398" -parentBuildID 20240416150000 -prefsHandle 1532 -prefMapHandle 1520 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\browser" - {86468c58-add0-4be9-945d-a243e41357bc} 68 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe" -contentproc --channel="68.1.1486206131\363534119" -childID 1 -isForBrowser -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\browser" - {63d7c5fc-77e5-4926-9319-441f91d93be9} 68 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe" -contentproc --channel="68.2.2023925407\1691282076" -childID 2 -isForBrowser -prefsHandle 3032 -prefMapHandle 3028 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\browser" - {5d11ff90-c6ed-44af-a9b1-0bf0ed1bd0e5} 68 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe" -contentproc --channel="68.3.1277847408\345678896" -childID 3 -isForBrowser -prefsHandle 3416 -prefMapHandle 3336 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\browser" - {d80ce2a5-76e7-4728-a3f3-f4375486bfe6} 68 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe" -contentproc --channel="68.4.1334714496\741404210" -childID 4 -isForBrowser -prefsHandle 1436 -prefMapHandle 3628 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\browser" - {316fc0f9-5e56-4de2-a60e-96cc4552652d} 68 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe" -contentproc --channel="68.5.1592130317\817712913" -childID 5 -isForBrowser -prefsHandle 3852 -prefMapHandle 3848 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\browser" - {6e2322ab-05d4-4f54-b936-6d014ed3b272} 68 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe" -contentproc --channel="68.6.685969343\1562055980" -childID 6 -isForBrowser -prefsHandle 3956 -prefMapHandle 3960 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\browser" - {ed04d4de-c80b-4757-9aca-9d0b2f327b75} 68 tab

Network


Files

C:\Users\Admin\AppData\Local\Temp\_MEI49202\python38.dll


\Users\Admin\AppData\Local\Temp\_MEI49202\python38.dll


C:\Users\Admin\AppData\Local\Temp\_MEI49202\base_library.zip


\Users\Admin\AppData\Local\Temp\_MEI49202\VCRUNTIME140.dll


C:\Users\Admin\AppData\Local\Temp\_MEI49202\libffi-7.dll


C:\Users\Admin\AppData\Local\Temp\_MEI49202\_ssl.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI49202\_socket.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI49202\_queue.pyd


\Users\Admin\AppData\Local\Temp\_MEI49202\_hashlib.pyd


\Users\Admin\AppData\Local\Temp\_MEI49202\libcrypto-1_1.dll


C:\Users\Admin\AppData\Local\Temp\_MEI49202\unicodedata.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI49202\top-1m.csv


\Users\Admin\AppData\Local\Temp\_MEI49202\select.pyd


\Users\Admin\AppData\Local\Temp\_MEI49202\libssl-1_1.dll


C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js


C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json


C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Tor\tor.exe


C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Tor\tor.exe


C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json


C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2


C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2


C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json


C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4


C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json


C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json


C:\Users\Admin\AppData\Local\Temp\tmpt2efwthp\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi


C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json


C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin


C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini


C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4


C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json


C:\Users\Admin\AppData\Local\Temp\_MEI49202\pyexpat.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI49202\nss3.dll


C:\Users\Admin\AppData\Local\Temp\_MEI49202\mozglue.dll


C:\Users\Admin\AppData\Local\Temp\_MEI49202\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI49202\libssl-1_1.dll

MD5 75c95d1a05191a2f9101e24f60b6eff7
SHA1 f6136241c5983c4461df069c24a8669fac614539
SHA256 e3eaafdb87602671c30409f941651bfbcc42a0068337f605ff5a38d6283e1788
SHA512 71c894f6232c1b392184daa816adacad058af56e4b05bfdec8e0f1a535c5e4f277bac3b043e92a257bc427727be149e73165fe871442fc77f7a34dbf42f208dd

C:\Users\Admin\AppData\Local\Temp\_MEI49202\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI49202\geckodriver.exe

MD5 cc3d9fd2d0d1fe7415f80f1b8338bb83
SHA1 4a2ce0dcfe92fa580b235d025fbb87902548f78e
SHA256 65f327d15e6634a75457968c1351533a5fc92a906487611a3a78d380c54b99b3
SHA512 da17ce903cd4c09ebe53345940ca41d34089958b225537e727301273ab5845419d36a86d0574567b73b5dc7031c1bcfbd86106651db8f10ac413065dd27607d2

\Users\Admin\AppData\Local\Temp\_MEI49202\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

\Users\Admin\AppData\Local\Temp\_MEI49202\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI49202\geckodriver.exe

MD5 d5b16b96993e6d5041cf5224b0104b6a
SHA1 0e467446b3c7dd8221c8ebb6916fa8ce4ff423b9
SHA256 417bd9537f64f002e14082b2e2ce714517948b4376637cf62e3cecb5450423bc
SHA512 a2d3c63fd503a13acb9b81c6a16f8725df0378ed5691dd6ccf81b6646429cdd806fc5702ede858905214561bf6203887b20b0964443585792277408cc4f1e705

\Users\Admin\AppData\Local\Temp\_MEI49202\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\tmpt2efwthp\webdriver-py-profilecopy\places.sqlite

MD5 a476120b2211f8725f3764352a6f7d28
SHA1 5c166fed2eb792fb4a59ae42abfd6f6cd1a07e7d
SHA256 248d9a84421bf8408d6e127666b662f2dca9188d4d7487cf7f018f54c903cee6
SHA512 fa8801bcea830ceba340c28d9a3be61711b1ee312368364d51c56aa8df19931e237373674e41b523cb1a4446476cec62c1595582923ce64706c1e5198aea69da

C:\Users\Admin\AppData\Local\Temp\_MEI49202\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1jFD51\extensions.json

MD5 423a05fbbb1f02380b2e29ae8e333d23
SHA1 a9e95f6bd865e89ef6226f5e208c7a04a1c596ff
SHA256 2c515b2f04ba13c75fcfbaf5616eb8f6758d870032e973efd2a01b2979ba42a9
SHA512 ee7cf86b16cb0fca079bc61b4d61d4ea2abecfa0224a2fdef77a73fb957d84848de538e6f5982d0822ae8c510bfd1ea433b8662531ba2f4e8da3296c87761d05

memory/4588-532-0x000001792BE50000-0x000001792BE60000-memory.dmp

memory/4588-567-0x000001791FDD0000-0x000001791FF40000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1jFD51\prefs-1.js

MD5 89e55e0c860312d8ead9e393efc654c7
SHA1 bd36271f6aa089facbab838ac9aff083854e2687
SHA256 67940b65218645f312f7a63c5638799bdbf452f5dd1935e3c3e2f774a631b668
SHA512 a490a360b1c1b984a5fe66170bb962741e7e825769ac5029da03a926363bcd8b5cb33c5be9a7857ad4d047c9a171367d595aef05a574cb5e1b516060d11abbe7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1jFD51\prefs-1.js

MD5 cff330415d47246311d7e1a2bf901a62
SHA1 0f9365bf1c1ded5d8af27168e756fe9c83e41715
SHA256 4d9392a8917161f80e9821dfa1aa1b626638d25fac959e80383ec83079755033
SHA512 8b7204e7e527c993ab427e2b54863960059a0bbd7a310788f2aabccd2e6856de65328106688e219220952d8a10b077e1d61bd4b637b6ccf45e736a3826a1838a

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 d262b8dc568b34fa0a37e37335db737a
SHA1 477338dfa2a841eaadcdeadb210ed0e9e419241f
SHA256 b11b2168de48ecb6a5daec15e1d8eebc52fa4597d174d3a55a930466f665b0ed
SHA512 ae2b0b4477d7d61c2ccbc948041e79407a140919da3dae63486e47b30ed9c041519bd3ce3cee62bc3c2ed780650abb8c54002c4197c6611af512f39da8e56f64

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 7e3c46eb2d00dff3af96553c16b00c62
SHA1 a66444fd8e2cf233d253558f54c56f77718135da
SHA256 3c5ec64d8ba4b60d8d6a2938433321e0d74e1b23c8a6690f2682e0a3dd811835
SHA512 b1c25c344cd52b14d4753d43cd91d5d067c038883da790c327dfdc04d7e293dd38020053309aacb24cc6088fbf4e2cdb57b01595d9e6c90bdc57896b4e6e6414

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSAAk2y\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSAAk2y\prefs-1.js

MD5 2d0111292aaddd1eec0836c9f5b649c5
SHA1 919fc15499cc26b9ecf63c793c6c6ed6a508a5ab
SHA256 f680bb0bebc478929c4626c170f68b5ee5eea17b73bd7d68b5a2d0398fd6d667
SHA512 27ccdf1cae80d264b53c6136d6f182351ee27781e3550a0685296d08a87c41a0a0146988c70b45bfc8804c8063faa9fbd1a1a8e5a5d7a5d4f9f60be37d012ffb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSAAk2y\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/884-820-0x000001FC7BDE0000-0x000001FC7BDF0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSAAk2y\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSAAk2y\startupCache\webext.sc.lz4

MD5 d4464f963cec86cbe8c3fdbbc4db8c49
SHA1 1052e41728341787c8d1cac87724ccabb56798f8
SHA256 fccaa22a253e2f699fff787aada499f2eb5322ec9145b2a4499650d673f8f68d
SHA512 f1a5d876928a45963f73982ee4ed10a270202a1b76d0e1fd6ee69b517f5639d9c36336bfa3002d9875ed8925f6e44f2196b3e4166a18f92c704d97ea5ea56392

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSAAk2y\prefs.js

MD5 195a51b7ba674895a7812126d36c112c
SHA1 2b5dc4ecd3420c7f8a26df4ec360d6ba620a03f7
SHA256 9e6c8d03d43dd8cbb6528de4c67da6c59145321442d3649a5efec2f7404e3abd
SHA512 f018d4ae19e7f59fe1a37f886cd593a59301ec2e4869cad0d9ffed18fb9ff0e6a8775cfb5f2afdb88d31d1f219492d314853f7d451946351a7cb32738e74e997

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSAAk2y\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSAAk2y\prefs-1.js

MD5 ab28b7de73d8e2bf3e1e818bf4b3be2a
SHA1 7464a13585db62a0664de3b8a0cc2336ea0ec64f
SHA256 fc7a52e77009c7708856406fe35b55954a44dd972b3fef836c7fae11b9bd0403
SHA512 35de540cd68f3ac87bbe4fd64343bf9af0663ba44f8e57f1cabfbf82907734148ee10116166fbd11c5bd4b0c5f93f30be22d7a2f564961c9cbaac15b5b6f5381

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSAAk2y\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSAAk2y\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSAAk2y\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSAAk2y\prefs.js

MD5 301fdf6f290359cbaad51dfd3f8bad2c
SHA1 27d5cd5131ca52b763849101a5fef52870d7a2ee
SHA256 c7705baba51828ac562a0a26b9daa34be7097df7aded98d1f16f0e1092563576
SHA512 6b69a16a4d86e16b9d7be348c8cc3781e407b00820a02eef4539f7aefe926293d3db9e04d21ccca47569a1a9df37ec8f1e3c030cf5f37eb49f5f0245cda70893

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSAAk2y\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSAAk2y\prefs-1.js

MD5 fc3df058d5a37f18fab2733c328856f8
SHA1 087df538f75498793f6635aaa1341ddc0be9f19d
SHA256 af146f7389244d17285806fe691f09e4f2f15b4912d3b5a62d713f0e28f1f809
SHA512 2c6678a14b7680f837acf631f166656a87ac98fd21031535b25238733c86576108c37612650f4a2fd70a8e199a4286227b1588720c3494b13ad5d0c800a98f88

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSAAk2y\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilethJrj5\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

memory/68-1119-0x000001FC44FF0000-0x000001FC45000000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilethJrj5\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilethJrj5\prefs-1.js

MD5 5d1a63db4609f556d7436403b5b457ca
SHA1 cd7347d6ea44262f142a61538e4b5310021acbf2
SHA256 979416bb123ef876c6f6a9fca387cd5a49aaed2324c126a4d5aaba564e48604e
SHA512 6bd65d72cefa0812cc51b93560b7985bf0881c659deb2387612872bb9dd4dcc277bb9973e044cdb129c33207c004cca4149f4a30b100dee329e66db813aeda40

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilethJrj5\prefs-1.js

MD5 9053f0112236c97018730b574f865930
SHA1 537d515af96b58b9cc5c14c8637600f60b50dcfa
SHA256 585a1e782390efd0cd4e2a14ee6e16a207efcc60a58d1c0ddda58510e3ff9d46
SHA512 464e00c52aed71bc223f397b7a6adddb3bb64c3c9d889bc359fc323c5c62cf921af5da1869242eee50cef8f6bd0e5cffef10b9dac5838fdd8f3be724cfa1e014

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-09 01:00

Reported

2024-05-09 01:08

Platform

win7-20240220-en

Max time kernel

287s

Max time network

303s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI20362\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI20362\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2036 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 384 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 384 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1300 wrote to memory of 672 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 384 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI20362\geckodriver.exe
PID 2324 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\_MEI20362\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe
PID 2448 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe
PID 2472 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI20362\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI20362\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezY0JYb

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezY0JYb

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2472.0.115375701\106288345" -parentBuildID 20240416150000 -prefsHandle 1208 -prefMapHandle 1200 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {93c96ed8-bc8b-43af-90fd-6ee13eb4270c} 2472 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2472.1.1384260875\303615668" -childID 1 -isForBrowser -prefsHandle 1692 -prefMapHandle 1964 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {c9f4c429-ea86-4e36-a87c-c3ef25f93be7} 2472 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2472.2.1505875570\383622203" -childID 2 -isForBrowser -prefsHandle 2432 -prefMapHandle 2304 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {7cd38145-04da-410c-8879-fcca76942854} 2472 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2472.3.1021354624\1020492132" -childID 3 -isForBrowser -prefsHandle 2420 -prefMapHandle 2692 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {427ca7eb-a022-4664-b3a9-9e21461e73b8} 2472 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2472.4.363199300\2102578167" -childID 4 -isForBrowser -prefsHandle 2744 -prefMapHandle 2740 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {d86c8949-8ed0-4169-b362-c9610977a92b} 2472 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2472.5.268826065\274965572" -childID 5 -isForBrowser -prefsHandle 2896 -prefMapHandle 2900 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {176aa7bf-a3fb-4c4c-b450-5329962584c5} 2472 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2472.6.1347261450\1917409475" -childID 6 -isForBrowser -prefsHandle 3084 -prefMapHandle 3088 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {7ea55db9-f8bb-4ccd-b3f0-6127bafc6358} 2472 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2472.7.1883490151\1828270732" -childID 7 -isForBrowser -prefsHandle 3380 -prefMapHandle 3336 -prefsLen 25580 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {d234a121-21e9-43d4-ac4f-86ddcffe5733} 2472 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI20362\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYO0Sz9

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYO0Sz9

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1564.0.310785365\1363131235" -parentBuildID 20240416150000 -prefsHandle 1248 -prefMapHandle 1240 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {f5e764bb-3ff9-42d0-be3f-335c4e5c7950} 1564 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1564.1.804038938\1239725740" -childID 1 -isForBrowser -prefsHandle 1664 -prefMapHandle 964 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {96cf5a2c-0684-48c6-814f-bffbd3c73bc8} 1564 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1564.2.1625490831\1715491662" -childID 2 -isForBrowser -prefsHandle 1904 -prefMapHandle 2256 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {72818365-a474-46b3-8774-ef41627f902e} 1564 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1564.3.1502861027\476963836" -childID 3 -isForBrowser -prefsHandle 2468 -prefMapHandle 2428 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {43cd50eb-8a54-4408-9043-23dc56c6701f} 1564 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1564.4.698383011\1169495189" -childID 4 -isForBrowser -prefsHandle 2808 -prefMapHandle 2804 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {c8c3d59d-1037-4677-a51a-8f0877f31422} 1564 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1564.5.1738315445\946121262" -childID 5 -isForBrowser -prefsHandle 2928 -prefMapHandle 2932 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {bf204b45-b931-4514-8269-385c082f4a30} 1564 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1564.6.340745606\335166242" -childID 6 -isForBrowser -prefsHandle 3084 -prefMapHandle 3088 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {076709e6-3950-408a-abf5-59ad95eeb7c4} 1564 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1564.7.1743771504\1203181250" -childID 7 -isForBrowser -prefsHandle 3316 -prefMapHandle 2092 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {062960bf-311e-4ec1-b913-7c81d1e32506} 1564 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI20362\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5c70nq

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5c70nq

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2284.0.101622392\2078822945" -parentBuildID 20240416150000 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {19a9cdee-5299-457a-bf72-f2b3d12b2ad1} 2284 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2284.1.1982607226\1695661105" -childID 1 -isForBrowser -prefsHandle 1688 -prefMapHandle 1536 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {8b299109-fb13-43ba-a7a1-6612cc6129cb} 2284 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2284.2.66211870\1004897173" -childID 2 -isForBrowser -prefsHandle 2268 -prefMapHandle 2160 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {28353168-d3de-4f90-a1c5-c78a5e759d4c} 2284 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2284.3.1782562019\5668535" -childID 3 -isForBrowser -prefsHandle 2520 -prefMapHandle 2528 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {9d3be3a3-96ef-48e9-923f-8b4cda05fe75} 2284 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2284.4.1883223900\454092547" -childID 4 -isForBrowser -prefsHandle 1076 -prefMapHandle 1072 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {5e77dfb4-ef2a-4092-948c-2563bef2f8c6} 2284 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2284.5.2027534827\1498283523" -childID 5 -isForBrowser -prefsHandle 2916 -prefMapHandle 2920 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {6f5b1a9d-1663-4d9a-a5fb-7b1bdf93f57e} 2284 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2284.6.1297248485\1840430213" -childID 6 -isForBrowser -prefsHandle 2976 -prefMapHandle 2984 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {dd2c3de5-9119-4394-97cd-04e7046ce721} 2284 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2284.7.1521386905\729813159" -childID 7 -isForBrowser -prefsHandle 3380 -prefMapHandle 3268 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {221f90a6-4c40-43fc-acb3-b370c5ff4f65} 2284 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2284.8.1439294173\1959591246" -childID 8 -isForBrowser -prefsHandle 2760 -prefMapHandle 7716 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {ddc6703e-532c-4027-ba9e-8b3a634dd698} 2284 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2284.9.1180008592\762308910" -childID 9 -isForBrowser -prefsHandle 7588 -prefMapHandle 7592 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {f7c6458b-746b-4699-a5d3-5b4de10a34be} 2284 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI20362\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVeL7bZ

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVeL7bZ

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2784.0.1901994181\778691987" -parentBuildID 20240416150000 -prefsHandle 1184 -prefMapHandle 1176 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {6008098c-3280-40e2-9912-6c53ad1001a9} 2784 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2784.1.1796735865\800573100" -childID 1 -isForBrowser -prefsHandle 2112 -prefMapHandle 1792 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {8a6aeaed-017d-4c2b-8f1c-af8fadadc217} 2784 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2784.2.1065934634\1525536869" -childID 2 -isForBrowser -prefsHandle 2276 -prefMapHandle 2272 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {cd76b329-6dcb-4e50-9fc8-2ec8439f1252} 2784 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2784.3.1069335750\263932856" -childID 3 -isForBrowser -prefsHandle 2376 -prefMapHandle 2696 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {1923cbbe-1eef-4ae4-af47-241c35548396} 2784 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2784.4.1791868593\1584920105" -childID 4 -isForBrowser -prefsHandle 1072 -prefMapHandle 1064 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {0aecbcdb-fd1e-44d3-9820-9f09e1f0e43f} 2784 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2784.5.59797545\1391537804" -childID 5 -isForBrowser -prefsHandle 2896 -prefMapHandle 2900 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {3828fe90-01c7-4e59-834a-63ed98106c36} 2784 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2784.6.1373765771\1119598856" -childID 6 -isForBrowser -prefsHandle 3052 -prefMapHandle 3056 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {c1d095e6-3c83-4bf0-90dd-1cd952e4d1d8} 2784 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2784.7.1388595772\1635676048" -childID 7 -isForBrowser -prefsHandle 3408 -prefMapHandle 3412 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {1a8376e8-1531-4de3-a6a2-a3c468ae221b} 2784 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI20362\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAjE8sx

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAjE8sx

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="880.0.119226464\1174761509" -parentBuildID 20240416150000 -prefsHandle 1192 -prefMapHandle 1184 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {3f0c2887-e996-4629-960f-7368eef5efd0} 880 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="880.1.1137295451\2127953862" -childID 1 -isForBrowser -prefsHandle 1892 -prefMapHandle 1816 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 844 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {1c868342-6d45-48ac-8ba4-6dc4be3f399c} 880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="880.2.1219210248\332841885" -childID 2 -isForBrowser -prefsHandle 2336 -prefMapHandle 2340 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 844 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {c4f08d7a-4bcb-4961-bef7-9f169e77d24f} 880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="880.3.81895923\1620158761" -childID 3 -isForBrowser -prefsHandle 2532 -prefMapHandle 2536 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 844 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {fad58b14-41a8-4537-8267-a00181e12ced} 880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="880.4.1112151928\645844687" -childID 4 -isForBrowser -prefsHandle 1084 -prefMapHandle 2844 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 844 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {9303ff33-638c-439f-8704-150d88077bde} 880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="880.5.1963815682\1354650889" -childID 5 -isForBrowser -prefsHandle 2948 -prefMapHandle 2952 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 844 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {dc2a1cb3-4f0e-4c63-962a-ee5e98fce05b} 880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="880.6.1005312064\2054372182" -childID 6 -isForBrowser -prefsHandle 3100 -prefMapHandle 3104 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 844 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {72981f28-71b4-45f8-93f2-908de6bb9298} 880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="880.7.1717505544\453412784" -childID 7 -isForBrowser -prefsHandle 7528 -prefMapHandle 3372 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 844 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {939777d6-0cba-46f0-93d9-ebc0f3c79827} 880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI20362\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMn4mue

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMn4mue

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2956.0.414637736\199091042" -parentBuildID 20240416150000 -prefsHandle 1184 -prefMapHandle 1164 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {654aad9b-447a-45f2-bd6a-c4af815f300f} 2956 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2956.1.1602793161\1294388158" -childID 1 -isForBrowser -prefsHandle 1996 -prefMapHandle 1540 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 564 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {44dbcfbc-0483-4464-93cd-4296ef4a3e8d} 2956 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2956.2.609483791\153608205" -childID 2 -isForBrowser -prefsHandle 2372 -prefMapHandle 2376 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 564 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {fab4afce-f5b2-4d73-99c6-788b5f27acca} 2956 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2956.3.1314973216\1484657180" -childID 3 -isForBrowser -prefsHandle 2368 -prefMapHandle 2284 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 564 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {bd1319be-f097-4ea0-b99e-2e7071fd249c} 2956 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2956.4.1819387672\137000918" -childID 4 -isForBrowser -prefsHandle 832 -prefMapHandle 1060 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 564 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {5c151ca3-4904-4b82-a9bf-bd1aa11af937} 2956 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2956.5.1654698444\627217381" -childID 5 -isForBrowser -prefsHandle 2956 -prefMapHandle 2960 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 564 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {6b0e7b79-43e5-4149-9b21-a8650fcf31f8} 2956 tab

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\firefox.exe" -contentproc --channel="2956.6.1156205161\1859811173" -childID 6 -isForBrowser -prefsHandle 3116 -prefMapHandle 3120 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 564 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\browser" - {599422e8-d491-404b-b2e6-f28a5c7b3d6a} 2956 tab

Network

Files

C:\Users\Admin\AppData\Local\Temp\_MEI20362\python38.dll

\Users\Admin\AppData\Local\Temp\_MEI20362\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI20362\base_library.zip

\Users\Admin\AppData\Local\Temp\_MEI20362\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI20362\mozglue.dll

\Users\Admin\AppData\Local\Temp\_MEI20362\libcrypto-1_1.dll

\Users\Admin\AppData\Local\Temp\_MEI20362\_hashlib.pyd

\Users\Admin\AppData\Local\Temp\_MEI20362\select.pyd

\Users\Admin\AppData\Local\Temp\_MEI20362\libssl-1_1.dll

\Users\Admin\AppData\Local\Temp\_MEI20362\_queue.pyd

\Users\Admin\AppData\Local\Temp\_MEI20362\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmpywh9rk72\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 a476120b2211f8725f3764352a6f7d28
SHA1 5c166fed2eb792fb4a59ae42abfd6f6cd1a07e7d
SHA256 248d9a84421bf8408d6e127666b662f2dca9188d4d7487cf7f018f54c903cee6
SHA512 fa8801bcea830ceba340c28d9a3be61711b1ee312368364d51c56aa8df19931e237373674e41b523cb1a4446476cec62c1595582923ce64706c1e5198aea69da

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 7d6384160fc08e8462405b48c58d422d
SHA1 d83b6062f5e178867731c73ca85ebce36e31c806
SHA256 8877695be8bed60e85e844422198d7408abba4ee16d362a9c8f514b85e3365d7
SHA512 168e240ecec07bd2c9b6bfe8afe228662e6d6c42b4f2bf2349fb9d8aebb5fc4fc624ffd0c5bf91ce51b2ccef3cff33133188997bf9aad97a633552c5eb9ecf10

\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 486fe872808014e51f75515c56a40cb6
SHA1 e7fa97e2e174aaa9badd0a04818364a9083874be
SHA256 90f55bbc9ddc538491475502e381a01c26472773900c41c1db19bc89860f6a08
SHA512 f2b0cb9a683e3e19d995040339660da9f2903dff885fba6f5a76adf7113e4d0789aeb295b4a33905615bd9efb8c733ad8cb349af6ba8015e0013546aea91ee8a

C:\Users\Admin\AppData\Local\Temp\_MEI20362\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 f3f55cfed1db00a7ca5b252c8da9daa6
SHA1 7d701244151349bee2e580e2b791b1fc47d0f402
SHA256 630c7cb6f3d4fb4710faa84302294565a60a1ba723d331cc3002bf73f8d0431c
SHA512 de13880db5aa19cc11562eed00bbf6109d21f1ab0825c97d10c35ce4044e1eebbf7b9fe47a712546cbf129fd75e33cc1f92656742194f01e8dfe652eda1e6f9b

\Users\Admin\AppData\Local\Temp\_MEI20362\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI20362\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI20362\top-1m.csv

MD5 bde8be24d19b6f197ca175d49f57a2dd
SHA1 2b14d577ab3ed746b2a67db0bc01dfdcb67ba07e
SHA256 6e656f6cbdf9f7958807acf42e5dc8ff9d3c35f47e76b4c4a096cf1a0f64ca5e
SHA512 0133386681d09db3c25c12bc1dca9054a6ac4b9aa019e0073460416961185c566e83b10ccc623ae088163a6eaeb5156d9095e72e374081bc63a18b76fdb75923

C:\Users\Admin\AppData\Local\Temp\_MEI20362\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI20362\nss3.dll

MD5 d7f784b6524f64dcd27aba7a8c0a45d7
SHA1 5e26a69dd047eb2a2702d736d1bc07ef2fd7ecba
SHA256 98c05bc559a5d07f02950c2acf553db8ade3df20bda404ccce69f435d781f4b0
SHA512 9fae11f80c572ec3cb2003d45001cbda0319f3b95a9fefcb3e264eec09a5df9edcf4618bb4bedf55488afba3bec0ef7c967b4f4ce3447729a348624f4f6f13a9

C:\Users\Admin\AppData\Local\Temp\_MEI20362\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI20362\geckodriver.exe

MD5 4894f67634655cd4d0bb25d327a92a67
SHA1 b89f4c1f1529dae9d0c8da99bfe5c65d8a05e500
SHA256 85bcaa37915841f59fdc6f5ae58d5a1413ad383ff5cc79a80b5585a9430f6321
SHA512 d03cb2e2937507cfe66526663fa04bc9f47fc24ff7d319687b7d9fa9d188a3959f8dfc4fb58a01c8cae2406a3285a3fb5a7a459ad3a2b41c873fb913110e6333

C:\Users\Admin\AppData\Local\Temp\_MEI20362\libcrypto-1_1.dll

MD5 0941c662082b05ebe62291f286a83e8c
SHA1 07c8641b96a52915ea5d30d5891478556f8d9208
SHA256 5fb7a352f7446297b524902cd1bf9f4e6f2fb60cfb2daa9e3fa0f76ce91f9c27
SHA512 d0dae6006c1d1978f3166ab3663ca14f50f0b3699357ce89cc53cad0ffec81c089355c5980bea7ad527030fdd12a26cc0cb6422a933e207226e77d2730d69da4

C:\Users\Admin\AppData\Local\Temp\_MEI20362\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

\Users\Admin\AppData\Local\Temp\_MEI20362\geckodriver.exe

MD5 0c5db0eb17c8d3d150f83fe1f6f1cdac
SHA1 c4ec34bd1ddfa10b7f9573bd8b78e2156df072a9
SHA256 12fc60109b5babb7220ae9b1ba044c03362c14571ddbc0cdbf862b9cf099b716
SHA512 5a7312adc507ac1c59ae543d06a943f01214b7e417e9f992beea3a3b782480c8806e42afa96e8eb66ce394a2b6b47052260ed0b509d08e7db0a64f493e85aee7

\Users\Admin\AppData\Local\Temp\_MEI20362\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

\Users\Admin\AppData\Local\Temp\_MEI20362\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

\Users\Admin\AppData\Local\Temp\_MEI20362\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\tmpywh9rk72\webdriver-py-profilecopy\favicons.sqlite

MD5 a25f4695bbc2cc3bb10bfc72fe8c7c91
SHA1 746ab4d71282026d95f6ff41dbec04eb801f0ff3
SHA256 a813d451fefd83c27db756cb1482a8877ef260059ac06eceb462c07f16afcbca
SHA512 914a179074abbb31753501a96d0be7271af768c91dfdfa25f57d97ea65241fa5fa2fb64c3b07e069e2e745a99775cc45a8695a6581950246ad741166344602a0

C:\Users\Admin\AppData\Local\Temp\tmpywh9rk72\webdriver-py-profilecopy\places.sqlite

MD5 240682b78b4526eb4748ff17cc91a984
SHA1 529f6f60a106279d7c91dafcbc4ed6632b045c99
SHA256 a9c7eec1fd56623cb2c1159185624082a51e7a4aa4d33b7aebc6ce4b6911be4c
SHA512 f12d0454bf77824cc5071f6175e597884164f328127770e605348d43fe8fa8fd9cbac00e6db187150cf423e47deebeac0c888abff04398d56fd30562cb0703b7

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 583bbac938048639702bcc90dceb8a07
SHA1 31c535418288476ea97281f4dbda387c13330d8f
SHA256 58a85ff18fe4caa723af4e9c7db9db7c9a9406c2b3ec2d3199258ad3d64e28b3
SHA512 ba0bf1ee9b55e173e131e65317c12bb4663b48157ee5c8962916a5b00409a689e6e58518858c7f4f8b195af9d68eca339779ff901b28af674ebd4940ce82da29

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezY0JYb\extensions.json

MD5 8842e29a903b2d392fa6ef76c487fed1
SHA1 8a9c6161501953d0a8a4d5354eeb7357b3a9a65a
SHA256 452318db996b8b20e125da9266e11a494ceb8a408c20b7beeb929dbef9682ec2
SHA512 10d1d555cd88640f6501fbd3e6f0923fa34cda06ecb7ce227ddd3f8512111e712f3fb994f50340e05d18effcf68655136357a38d630e16d823cd3503bef1e2d7

memory/2472-695-0x000000000B830000-0x000000000B840000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezY0JYb\prefs-1.js

MD5 5d5348ae9a0f47c8731042f542741904
SHA1 7a29d6c8d1ebf31591667c556cf26bfcb573a5c0
SHA256 657561bc4b8b7922ab92af5c9d4bc84f0ee051f479ca5be79ad7f749fdb14bcc
SHA512 ae4356431bd44ed9cfcb261e681046bc0fa23d157c700f74180545d37cd930f033da0228f478f831e1023c44f36ed1e2c8a2fae6490c92f5602e022234cfa167

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezY0JYb\prefs-1.js

MD5 93464f9ae52c2dedda238ccdd30f3d6e
SHA1 f966c8b4931ab249607e3aff545ac847346fa04c
SHA256 2e07757e1ffdde54276b9f42584ce46e697863338e980f798f512d82ebfa8900
SHA512 459b09c14642bcadb2483428d21741e32110743904191be3b2a656142855583dff4fe1c4b78464cf517fbac3d9e61fa6ea96bf358cf4231836ea40e2e98cef4a

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 f47ca50960fe5304afce9b31d0bef76b
SHA1 daa3e58286bbd326a7a814452671797487432a1f
SHA256 d046ca814d6e72342e2c4c593ade204c9bad67b33ed4157d5c22c2134cb1e08f
SHA512 86aedc786d6cff9eaae88eeffc00c3e6e653bc696a07028385fb054290275f8aa00220f3fe67aa037e88056e8399c3ce16f88d3c78a95f496821445654d19c4b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYO0Sz9\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYO0Sz9\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYO0Sz9\datareporting\glean\db\data.safe.tmp

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

memory/1564-1164-0x0000000009A40000-0x0000000009A50000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYO0Sz9\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYO0Sz9\startupCache\webext.sc.lz4

MD5 23dcfb75c456d8be2341a0594954783b
SHA1 2b19af4f10564a61e0d248aba18e91ae50bd0d6e
SHA256 83055a25b75be4a5ebcd63583a0b865db1f0da4e9b4c5468e7fc233f38837df2
SHA512 60779e0f5e0909b5b54b49c1cdd0141b3eae5369736d5844ee3dc8344802f300b502651326f6e0396860faf55b985f150753b566c73570eaf2f5f39852d62f0c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYO0Sz9\prefs-1.js

MD5 38e18ceb252d588686828da10fe9724c
SHA1 778e3fa10fdc51c64a58baf4795a0c6bf6efd61d
SHA256 cb3767d6cadf924736d676d7113a7112d9b426ec6b2f0000c1ce477faf899dd0
SHA512 883a6ee587b860201436852f9edc8d750e4bf7d14b8d106395f3e75bf8a0f050cb5c730de78f1df83f04260137bc7031947a42d05ca2e22e56d3e38cbb0921ef

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYO0Sz9\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYO0Sz9\prefs-1.js

MD5 5fb66d543b6e7e3c051efe100a87f331
SHA1 aac62ffdba47804a1c0fc25890e80be40a5dad31
SHA256 7ce62b7fdd5215de0f744a86d55571fd1e38a3b5211bdb94d5ea6c67664bbbe9
SHA512 331f18d84865c75e460e7b67315b271986835516ee75832eb7d6099310dffe7f0221565c7c8a8675d985ee78b4195a2ebd80b3c855e025fc5de8043985a5be43

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYO0Sz9\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYO0Sz9\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYO0Sz9\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYO0Sz9\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5c70nq\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5c70nq\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5c70nq\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5c70nq\prefs-1.js

MD5 db081ee55068f57b648852a39577ae2f
SHA1 4cf3d0c98f053f0fe6373fd51ad566cbec98a175
SHA256 44d9f34bf6c4bbd3b7889b166992e24d3084f3395e3e8b598dc0598c84846f52
SHA512 5f78e9947377da3486019b29d924ece4ca2affabfc7a5cfde978c04d84eb9ebe25cec9c9646563983daca96cdea234cd76c021180e30373d0a791c5bc0c29b81

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5c70nq\prefs-1.js

MD5 72e1cdc2e251cd2474de8a2894b29dd8
SHA1 d71578f128425f14078a39bd8e21d53179498861
SHA256 008d847625b59527707a4f3ed3903c72b324f98f053a1651fffce04aaf742847
SHA512 5340bf7c6436889bd59653f3d46f7bb6fa813d9f8944621b151b6bd35de8de1365109a286b2c99ce1f7a6bf4089888e97c1a05e4f2011aaa9942576aba10844f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5c70nq\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVeL7bZ\prefs.js

MD5 4cbecfbb03aa81aa2d8c62eb8b7bf232
SHA1 2e0491090b3f70fe28c3a418a30937ba175e2921
SHA256 2049950573fa1455169ae42a0233d4f412be278b0c31577eb366387adbea7dab
SHA512 da799607858e75ca3f7cb166535503aff99fdc142683602528c08d96ecc4f396d2a98598e8e8cee5542f4576600ffb7cdd37f0784871c6f5cc4155a617f44e56

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVeL7bZ\prefs-1.js

MD5 2e0c6b6c9fca8dc308f442313c810e8a
SHA1 395f921a5c04b87dbef381294f1f20062fede695
SHA256 255d6385418d02b3dcc6e28b421f8739359457e5a809e9dae7ff827f367baa2b
SHA512 8ade4027505444982fa5d447b6f100c12f2f48eddca7284f2619a03c3146a0dead149e5b0fcbc47c4950495128efa3a5c5912dd9e69a1673f760c8ad33aacd09

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVeL7bZ\prefs-1.js

MD5 e7fefe6fdaaa62b3fe4149da2c0698ca
SHA1 fa3e11aad371dbcf3abc480400d5656e274875dc
SHA256 1e681ccf523e27a37e665bdb42df71566b1a7bcc8492f259de1f62a733f171cb
SHA512 9d7ff01e12f8fc0d348e90f54d220f8c1711e5ddbd8b1bc38f2cafee8c0f958a6a8aa89fa869c183265c79eac0803408edc4dce6ed64433f839a8aaa2fe6c082

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAjE8sx\compatibility.ini

MD5 916ec179577a55c8e8d5e138e01d1605
SHA1 6bc841f96814755f15daf1453734c53375d309cd
SHA256 4e1dfe3879380620d592f5f3fb77dc548637d916acb6b37333790b0241cfbdde
SHA512 092ea72949bf479db1a7b42cdbe209f7761f1d4b503ecddac5b063901f0477818dbad79b49972137948b16a9035b31cd9367968b676a2704dc6cc5ace5a1933d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAjE8sx\WebDriverBiDiServer.json

MD5 c0818a5b4f43bdd39f98d4e0d8ec645a
SHA1 83658639eba39248f968967571551ffdb70dfb46
SHA256 8d77366e880ba6bab3f61979f0e932245f0f04f09fadaf07b3565c96ad511f8b
SHA512 0446864e37949cf1480d06b71fffeaa3cab62c0daf6a640034d10f9a5a6a8b32cd19e5afbbbc984bc0a9a258c543ea9ffc28a94865c60f52786eadb53b684e94

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAjE8sx\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 03f4eb75d464a9bdaa773ae689ae7984
SHA1 e901679b3a923bcb733adce9052482246d2fe0a3
SHA256 3f3a6d1d05334439a6b0b3499934d06ad5d8feb9622e0e3df5bcfbb1c8ca48be
SHA512 ba1343443dc1f8a01e62ad27f7ada21f555c4c08851c283cf624b05a7f8afcfee823dad8fd9695db1a078544b880830c1bd1e64f0299a45e9f5d4f71111965fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAjE8sx\prefs-1.js

MD5 cc0c560b16d0a8deb27f08390b5b8370
SHA1 ed9571857d335b28a7ea3267a2cb7be943cd8856
SHA256 f0ad27ad6846655957284c3df9159c0c4681ca9c15c83f320b3095449303a9b4
SHA512 476c8add149e7b1416357ada7bdeb616ff5045c4079e6edea17c6833e0bf2553eeb9ecd9cb1aceeb47e18fcfaedaf298036c8780c42204ec2615c38f11083313

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAjE8sx\prefs-1.js

MD5 45d86cdf4b12c8797e21686e3629b909
SHA1 6bb6aa973f03e10f216bfd6373ab6642ff6373b0
SHA256 e025b9bacae25c5531b90304c8c6a2c8940ffee66eb52d3d1cf1d98c32fad23f
SHA512 ae403c09d2136d0e19f706ddc79073bee4e2b53b1ed0bf140abb991fe8e11463c505cad87256b20f9dc2c013e65742c2eec9dbd34bea16d9550ea3bbc99e2ac6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAjE8sx\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAjE8sx\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMn4mue\prefs.js

MD5 19fea27fced165c52c7d6164f8a2b826
SHA1 7551631f3fedac8e9ec9b8232d2acfe75cf177f1
SHA256 57e8ab4dd15f0c7c9ef1b0dd955ef81ca10639389ee4a4f27271190fe0fd2f5b
SHA512 9d192a9e489b3ade0a6aa734cdaf49ec282bca9f4b951e8aaa65fa701fa73f045fd3af584ad08ea0637b4261737f038396598cd3082012e16e76379b0a323c9d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMn4mue\prefs-1.js

MD5 df264b72f890b74600f79a479ef25d84
SHA1 429481a6927a57bccda541520ec494f0feb0ecdd
SHA256 d63ae41034dc2b9f37356b2db94d35f2401b98a00fe253e9f8605c5bff0e83dd
SHA512 447be4d5991ff48059a7f9b1371837920391fb0d588ff8706d64096e83e4144358636161025b7c5368217132a29a0e8271e0741e437acf1841faa76711ba73c2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMn4mue\startupCache\scriptCache-new.bin

MD5 524c93d272caecdb86699699a4c81fc9
SHA1 8330399640b1f135c733410ec1c36b7ddd77a75e
SHA256 c27dc10653226f1abcdb5b40537dc63990477003928c9387fa468e230f538e44
SHA512 cb317b82d4f8c28761769174f48559550b0a71a95863c8abbd22266154f05e204fba0d266b34aed25dbbc712aab5ce85b68803bc627bca2572ed2db9ac50ed1d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMn4mue\prefs-1.js

MD5 fa8a8e0f108f88ac6a9db7cc4d089a3e
SHA1 d0476d3078e51fda1e349c9bc5f4ccbee03c0536
SHA256 5ee0d7be57bda4e2e7b709405b08fbda6b09de79382db54c6f8358cdb2ca3185
SHA512 64cf5df9339a9c3a63ec5a10a0af5605b89fd1df3c2d089bad0ec85ac34ca3b01fcbb4709e4b0a37e936c4d376d0adb35ba4d556a9100c3e3929fe5b736fcc56

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-09 01:00

Reported

2024-05-09 01:08

Platform

win10v2004-20240508-en

Max time kernel

300s

Max time network

309s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI1842\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 184 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 1592 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1592 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2312 wrote to memory of 4880 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1592 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI1842\geckodriver.exe
PID 1020 wrote to memory of 4160 N/A C:\Users\Admin\AppData\Local\Temp\_MEI1842\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe
PID 4160 wrote to memory of 3164 N/A C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe
PID 3164 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI1842\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI1842\geckodriver.exe --port 59542 --websocket-port 59543

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 59543 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile35S5jQ

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 59543 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile35S5jQ

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3164.0.414363903\130418808" -parentBuildID 20240416150000 -prefsHandle 1660 -prefMapHandle 1652 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\browser" - {78296c93-7726-4821-9f5f-3c6e016115b7} 3164 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3164.1.1123705996\656726105" -childID 1 -isForBrowser -prefsHandle 2676 -prefMapHandle 2672 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\browser" - {77b90636-b7ad-48fe-913f-a3b2edeeef08} 3164 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3164.2.549585808\201123408" -childID 2 -isForBrowser -prefsHandle 3220 -prefMapHandle 3216 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\browser" - {600ff380-55d4-454a-a6b6-8216d2dc9493} 3164 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3164.3.1255769604\1095945192" -childID 3 -isForBrowser -prefsHandle 3476 -prefMapHandle 3284 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\browser" - {bf400247-2635-4f4a-b268-0acf0ebc92d1} 3164 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3164.4.561867427\1379564837" -childID 4 -isForBrowser -prefsHandle 3848 -prefMapHandle 3828 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\browser" - {34340e6a-d2c2-48bb-918b-f9b19bf56a2c} 3164 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3164.5.2144062309\1825285415" -childID 5 -isForBrowser -prefsHandle 4084 -prefMapHandle 4080 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\browser" - {00d582d6-3ab8-4e80-82bd-e6f2be4ab94e} 3164 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3164.6.385068113\1152945849" -childID 6 -isForBrowser -prefsHandle 4192 -prefMapHandle 4196 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\browser" - {e6a2be64-936a-4788-8ae6-a418cb8caf1a} 3164 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1842\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI1842\geckodriver.exe --port 59542 --websocket-port 59543

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 59543 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenG2mK3

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 59543 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenG2mK3

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" -contentproc --channel="4652.0.317007034\368876361" -parentBuildID 20240416150000 -prefsHandle 1652 -prefMapHandle 1644 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\browser" - {9fc0d2c2-47f5-4344-8496-4fd4f61f1b43} 4652 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" -contentproc --channel="4652.1.529094040\922779980" -childID 1 -isForBrowser -prefsHandle 2552 -prefMapHandle 2548 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1232 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\browser" - {bf8f2087-d93f-4e26-8aaa-33760a4b3d84} 4652 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" -contentproc --channel="4652.2.34439558\1176576100" -childID 2 -isForBrowser -prefsHandle 3168 -prefMapHandle 3164 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1232 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\browser" - {4525c4f0-008d-4890-802f-e14e9b59c3d3} 4652 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" -contentproc --channel="4652.3.2104346129\736251772" -childID 3 -isForBrowser -prefsHandle 3756 -prefMapHandle 3760 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1232 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\browser" - {a929059a-94d2-4008-8a9c-f46a8b95a5d2} 4652 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" -contentproc --channel="4652.4.1529584466\964303972" -childID 4 -isForBrowser -prefsHandle 4060 -prefMapHandle 4064 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1232 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\browser" - {63a5a104-d306-48ab-a65d-2743bf5620d9} 4652 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" -contentproc --channel="4652.5.573019907\1340740032" -childID 5 -isForBrowser -prefsHandle 3720 -prefMapHandle 3724 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1232 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\browser" - {5989264b-74e5-4f81-ac27-5857d456aaf6} 4652 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" -contentproc --channel="4652.6.70523003\1793125681" -childID 6 -isForBrowser -prefsHandle 4180 -prefMapHandle 4184 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1232 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\browser" - {5753d3bb-b410-4e0c-90ce-35170b838c60} 4652 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1842\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI1842\geckodriver.exe --port 59542 --websocket-port 59543

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 59543 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQwnugP

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 59543 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQwnugP

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.0.1904032945\1705378582" -parentBuildID 20240416150000 -prefsHandle 1656 -prefMapHandle 1648 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\browser" - {51566370-fe2e-4c03-8d0e-fa32fe950358} 3700 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.1.1662657682\1556760623" -childID 1 -isForBrowser -prefsHandle 2652 -prefMapHandle 2648 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\browser" - {1fbd05c1-8637-4177-a791-c06922f05987} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.2.1511011501\274475014" -childID 2 -isForBrowser -prefsHandle 3180 -prefMapHandle 3176 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\browser" - {d353686b-60b2-454f-af0d-55a1132f7aac} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.3.2130049837\458811985" -childID 3 -isForBrowser -prefsHandle 3796 -prefMapHandle 3800 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\browser" - {dad905c4-653d-4b5f-9ce5-f7990a7f6cdd} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.4.1434483775\873937667" -childID 4 -isForBrowser -prefsHandle 3960 -prefMapHandle 3964 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\browser" - {314f7f4f-414c-4abf-9807-3cd2e95ae648} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.5.1155749913\1218319898" -childID 5 -isForBrowser -prefsHandle 2436 -prefMapHandle 3412 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\browser" - {6c69dab5-6031-4460-aeae-71e469c6a235} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.6.506734277\358457620" -childID 6 -isForBrowser -prefsHandle 4248 -prefMapHandle 4252 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\browser" - {870eb4ce-1093-4539-922b-e704daf1aac2} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.7.1974683722\1309645659" -childID 7 -isForBrowser -prefsHandle 4828 -prefMapHandle 4820 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\browser" - {d54c1d22-d324-44cc-b558-7ca1c6d1f7ad} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.8.384393836\503924554" -childID 8 -isForBrowser -prefsHandle 8820 -prefMapHandle 8824 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\browser" - {506df457-a835-45f1-8dab-dce1795e80bd} 3700 tab

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\_MEI1842\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI1842\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI1842\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI1842\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI1842\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI1842\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI1842\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI1842\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI1842\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI1842\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI1842\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI1842\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI1842\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI1842\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI1842\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI1842\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI1842\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI1842\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI1842\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI1842\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI1842\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI1842\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmpcqw8w3hj\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI1842\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/1568-485-0x00007FF8CD530000-0x00007FF8CD531000-memory.dmp

memory/1568-484-0x00007FF8CD4F0000-0x00007FF8CD4F1000-memory.dmp

memory/4704-510-0x000001803C800000-0x000001803CB55000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile35S5jQ\extensions.json

MD5 a1983ef2d910e32d300181ef1ba66551
SHA1 e36f4972b87528181b7bc9ea962886e757e2e60b
SHA256 26c8f970e0a24e01e849b2ce620081036e794a9fe8bc8e1f799373ce3272985f
SHA512 4fc21e8f3920bde3eed881264a27a858a5e86738688b8934c6b7ef82fc012d0eb55837b10fcbc35d1c969eb293cf843775c8436359a0fbe9a5cd370101eeff0f

memory/3164-544-0x000001FDC8FA0000-0x000001FDC8FB0000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 d262b8dc568b34fa0a37e37335db737a
SHA1 477338dfa2a841eaadcdeadb210ed0e9e419241f
SHA256 b11b2168de48ecb6a5daec15e1d8eebc52fa4597d174d3a55a930466f665b0ed
SHA512 ae2b0b4477d7d61c2ccbc948041e79407a140919da3dae63486e47b30ed9c041519bd3ce3cee62bc3c2ed780650abb8c54002c4197c6611af512f39da8e56f64

memory/3164-593-0x000001FDBD4F0000-0x000001FDBD660000-memory.dmp

memory/2272-601-0x000001B6D8C00000-0x000001B6D8F55000-memory.dmp

memory/3640-603-0x0000021431000000-0x0000021431355000-memory.dmp

memory/2944-602-0x000001C43DE00000-0x000001C43E155000-memory.dmp

memory/876-604-0x00000174C0100000-0x00000174C0455000-memory.dmp

memory/1568-600-0x0000020905100000-0x0000020905455000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile35S5jQ\prefs-1.js

MD5 a68eb0d9e76b9cdd3e725ec9c38538ab
SHA1 df768f9540da1096bc42331d56d4bcce04eca0f6
SHA256 99584782561ffece8ad7219938b6837ea96aa8fc458c5c72bed31f743ccb9ad0
SHA512 51c645beb9a1eb3a42d0cc154140911fcb896b4b7866f8b0cc56799309bc4efc77a7844cafcefd37d58ae004fbbd4b2f9c7787e4172d8095213a7b25acb50920

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile35S5jQ\prefs-1.js

MD5 1d18ef12260cc600c1af61cabbeb61a4
SHA1 af93cf3bb93017c2b0f29d10c44fb94a2205732d
SHA256 da0d83356ca0bc2bff7950b1a0f0a0d408ea7ba6b8cbc228a9dbb444c461b43f
SHA512 f563656a2b7c9bb426f38632b0221f191410cc107057378c85fbb31682d15c6f817bba738a9940a9ae7b91548cb02083f4c3414f7bae79de77bb812d6906342a

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 9233f00844b7261cbf5cbda16ff0f431
SHA1 1e299d7938cf9457fb7e541fbd694a2945687b9c
SHA256 1f27195850924eec46a8ee68745485d0b33deeccd0d5f85646b15f7c7b33f614
SHA512 51a64881c85f52b48bf631245adce0a45f61f4b8da4ad95c727470fa8fbc8d36a7bc36ee72e480b8a74ca363ce5f5f615c8d38c99d75e806a665f8e1dbed44f8

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenG2mK3\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenG2mK3\prefs-1.js

MD5 f91fbfaebf6a0ae0ac7df8667fdc2634
SHA1 d6400715ee261e167b8539712644c08fff35b4ab
SHA256 a6ca255a145c095cd1e14731842894862cd2eb2e5d2444c126a326024f2a54e1
SHA512 ea1aac80636f074a8ec98fa3403a2afbc9f6bc7615329a01b713b9b37b1d17e2da5e0b9fc41d5f32f928e9bb989e2afd7e0b8548e08a38edb22e4bac8fba8f14

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenG2mK3\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenG2mK3\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenG2mK3\startupCache\webext.sc.lz4

MD5 522fcd33b73070466b67d7e3faf277d4
SHA1 b00196db937fb22172d0698ec8fd2a71fbbacf82
SHA256 5facefb050681b669f511ac627298e2e3f0fd4902c8aeb890f6104b6cd3fa057
SHA512 c283511f23c95ec57bb77e2688ca3d7069aa1e10f8ba73d64eb2bea3713af2f0289c96d7e91d360aea4364769f8c984e1b2b559c5e2b7e6b458dda3229dfd55a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenG2mK3\prefs-1.js

MD5 becce0a1e6641bfbc5f9ba42ddbb4f23
SHA1 043693ce2881f7d83ecc53aca905948f7c843477
SHA256 20b976433cbe3866084beae1bf4178eb127c03c0e8a27cd59b0728e104c0512d
SHA512 b944bd505599dc86b85a8bff86e7b60e77d25bb3ec532028e8d528255cf04fa04767abe3497f0e0f2ce97eb90d3fd25740ca6f4752f7f483db69ccf1d3420537

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenG2mK3\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenG2mK3\prefs-1.js

MD5 01e4a021c0f8f2f30025abb5c6e618f3
SHA1 ff83e74dfd63a54ab4a00f34a6fb2f672e44b52e
SHA256 3c92c22b2d5185bd400fd89652e95f7428ca4ab61a1ea4533590f8f8b3cfeccd
SHA512 b92b397b81168d7044eaa3271bdd13db92b1d39d74db119b8ceaaba156614a7591ec2f2aff203239a7f3bbfe696325e1e2a76be6cf01b5dbc71d16f87a2574c1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenG2mK3\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenG2mK3\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenG2mK3\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenG2mK3\sessionCheckpoints.json

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenG2mK3\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenG2mK3\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQwnugP\user.js

MD5 e1826782a1d691cfa6b86e2bc76d578a
SHA1 809a830cf7f7da69ea7e4c2d466a2c04882d8948
SHA256 39ae340de7adba43e2bc5a2ee370404b79a637e537b4424fd3979d1e49c0d7fe
SHA512 5e17da34135852bbc9824c9c2f57e6e63ecde31f4a74d6a4961972c138e6f2385f6102536c44506590cf2fd319ccf9a3f5f49ae3ad7202e44f5082e70f42d3db

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQwnugP\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQwnugP\prefs-1.js

MD5 4a6e48f076e916e6c0740bd2a94435cf
SHA1 e75ada2c62e864aefe4c6ed11ec0764a746038bf
SHA256 3ece0760a43ff9c7b78bf2f9a1b0d783dd5787ad347b58cdd8ffbad35d99e362
SHA512 7cb34f5d78d647ef47949f2d84ae75baaff017da20ad5a690ee29a0d2da788d901917e4d7c00293bb778377735091138e16a03dc430b298b1eb899d1f2beebfe

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQwnugP\prefs-1.js

MD5 0f56efd610f539dda591de1a6ab3e6fc
SHA1 9a5c66355599471e9c30ecb1b6ad0f1534f8fd50
SHA256 22ee0a2e92bd08394496bbad141387cdd40f782f9f22be97b3b403d379224918
SHA512 a9f2a869e3d1c334cdd2d1113283fd57a2a9c399059785dbbc4392826e329bca61b427c908cdd57dbe18d40fd1383baf02c618a5d24c5f6760971ecdc58d5d2e

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-09 01:00

Reported

2024-05-09 01:08

Platform

win11-20240426-en

Max time kernel

285s

Max time network

253s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 956 wrote to memory of 1440 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 1440 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1440 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1800 wrote to memory of 2000 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1440 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI9562\geckodriver.exe
PID 2752 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\_MEI9562\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe
PID 2220 wrote to memory of 3084 N/A C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe
PID 3084 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI9562\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI9562\geckodriver.exe --port 50016 --websocket-port 50017

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50017 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9auW2x

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50017 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9auW2x

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe" -contentproc --channel="3084.0.1472107534\1287031017" -parentBuildID 20240416150000 -prefsHandle 1708 -prefMapHandle 1688 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\browser" - {ea605451-6800-41d0-9d22-3d7fc201c61e} 3084 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe" -contentproc --channel="3084.1.1506704836\445119299" -childID 1 -isForBrowser -prefsHandle 2824 -prefMapHandle 2820 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1372 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\browser" - {dfa74ca9-21f4-4122-bc08-ace412343800} 3084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe" -contentproc --channel="3084.2.970750041\620380853" -childID 2 -isForBrowser -prefsHandle 2948 -prefMapHandle 3008 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1372 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\browser" - {95b75ed7-fe34-4b8d-9693-9ee45dcfd54b} 3084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe" -contentproc --channel="3084.3.1172435746\239317935" -childID 3 -isForBrowser -prefsHandle 3532 -prefMapHandle 3528 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1372 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\browser" - {d7dc429f-2a87-4cf4-af1b-9bd4d207f23a} 3084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe" -contentproc --channel="3084.4.613858026\392610526" -childID 4 -isForBrowser -prefsHandle 3792 -prefMapHandle 3788 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1372 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\browser" - {4d092361-9500-4be0-869f-b659beb48a5f} 3084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe" -contentproc --channel="3084.5.823174299\1970651454" -childID 5 -isForBrowser -prefsHandle 3920 -prefMapHandle 3924 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1372 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\browser" - {47e0edf8-4ac1-4117-b77e-1f75ed3e7179} 3084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe" -contentproc --channel="3084.6.947450261\1461415983" -childID 6 -isForBrowser -prefsHandle 3980 -prefMapHandle 3988 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1372 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\browser" - {de01d818-8a41-457c-9f11-2ce79780394e} 3084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe" -contentproc --channel="3084.7.268151722\174863814" -childID 7 -isForBrowser -prefsHandle 4356 -prefMapHandle 4352 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1372 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\browser" - {9eed164e-270b-4e7d-8f7a-32bff9e4d61d} 3084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe" -contentproc --channel="3084.8.718232487\371279437" -parentBuildID 20240416150000 -prefsHandle 3388 -prefMapHandle 4232 -prefsLen 27675 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\browser" - {adbf8a03-0647-4c74-ad0e-6e37e7cf38be} 3084 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe" -contentproc --channel="3084.9.1552836691\2111241201" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 4392 -prefMapHandle 4524 -prefsLen 27675 -prefMapSize 245849 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\browser" - {6150c6f5-f8e0-4f47-9ae7-74d5e5237df6} 3084 utility

C:\Users\Admin\AppData\Local\Temp\_MEI9562\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI9562\geckodriver.exe --port 50016 --websocket-port 50017

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50017 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileETv5ms

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50017 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileETv5ms

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe" -contentproc --channel="1532.0.726889340\292263833" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1680 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\browser" - {a945a79c-a5b2-47f0-acf4-d1bdc9f1f4af} 1532 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe" -contentproc --channel="1532.1.1834460656\1946066247" -childID 1 -isForBrowser -prefsHandle 2384 -prefMapHandle 2316 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\browser" - {f275f126-57ff-40c9-a64e-692cf2391855} 1532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe" -contentproc --channel="1532.2.532822409\1193697647" -childID 2 -isForBrowser -prefsHandle 3080 -prefMapHandle 3076 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\browser" - {684fc051-e850-4187-a7e7-261711694c67} 1532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe" -contentproc --channel="1532.3.583693805\1373700470" -childID 3 -isForBrowser -prefsHandle 1424 -prefMapHandle 3376 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\browser" - {c4b77782-07ce-4029-956f-3d2a34b489a5} 1532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe" -contentproc --channel="1532.4.643697455\1795761691" -childID 4 -isForBrowser -prefsHandle 3796 -prefMapHandle 3792 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\browser" - {98235792-ec46-4150-a7af-5cc46b89ee98} 1532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe" -contentproc --channel="1532.5.2067961187\315101401" -childID 5 -isForBrowser -prefsHandle 3944 -prefMapHandle 3948 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\browser" - {0c62ad1a-e41d-429b-bf43-21805ad9e58e} 1532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe" -contentproc --channel="1532.6.301051396\2003310164" -childID 6 -isForBrowser -prefsHandle 4120 -prefMapHandle 4124 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\browser" - {c02b2c9b-65b6-42c8-b7fe-764bf3d24e0b} 1532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe" -contentproc --channel="1532.7.1748061161\1254240421" -childID 7 -isForBrowser -prefsHandle 4524 -prefMapHandle 4508 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\browser" - {ece4e53a-af37-48ed-8cc9-2342650ede34} 1532 tab

Network

Country Destination Domain Proto
PL 193.56.240.157:443 tcp
US 8.8.8.8:53 157.240.56.193.in-addr.arpa udp
NL 45.92.1.74:9000 tcp
US 136.62.97.182:9003 tcp
FR 146.59.197.114:9001 tcp
US 8.8.8.8:53 114.197.59.146.in-addr.arpa udp
N/A 127.0.0.1:50119 tcp
N/A 127.0.0.1:50121 tcp
N/A 127.0.0.1:50016 tcp
N/A 127.0.0.1:50215 tcp
N/A 127.0.0.1:50223 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI9562\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI9562\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI9562\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI9562\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI9562\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI9562\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI9562\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI9562\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI9562\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI9562\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI9562\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI9562\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI9562\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI9562\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI9562\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI9562\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI9562\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI9562\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmpjlvvm8up\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI9562\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI9562\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI9562\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI9562\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI9562\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI9562\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\tmpjlvvm8up\webdriver-py-profilecopy\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI9562\Tor Browser\Browser\firefox.exe

memory/4260-483-0x00007FFC339E0000-0x00007FFC339E1000-memory.dmp

memory/4260-482-0x00007FFC33750000-0x00007FFC33751000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9auW2x\extensions.json

memory/3084-540-0x0000018EF4290000-0x0000018EF42A0000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9auW2x\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9auW2x\prefs-1.js

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

memory/3084-664-0x0000018EF4110000-0x0000018EF4120000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9auW2x\bookmarkbackups\bookmarks-2024-05-09_14_T6u53mPvyLQndqxVPTv9Qw==.jsonlz4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9auW2x\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileETv5ms\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileETv5ms\sessionCheckpoints.json

memory/1532-962-0x000001D0D18B0000-0x000001D0D18C0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileETv5ms\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileETv5ms\startupCache\webext.sc.lz4
