Malware Analysis Report

2025-06-15 20:36

Sample ID 240509-bfeydshf9t
Target heavy.exe
SHA256 88093c75834d60df3b4b6f4df642bb28dc749f4bd562f587fa8f9e30e97d3c5c
Tags
evasion trojan pyinstaller
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

88093c75834d60df3b4b6f4df642bb28dc749f4bd562f587fa8f9e30e97d3c5c

Threat Level: Shows suspicious behavior

The file heavy.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

evasion trojan pyinstaller

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks whether UAC is enabled

Detects Pyinstaller

Unsigned PE

Enumerates physical storage devices

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-09 01:06

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-09 01:04

Reported

2024-05-09 01:14

Platform

win11-20240508-en

Max time kernel

299s

Max time network

314s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\geckodriver.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2764 wrote to memory of 3304 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 2764 wrote to memory of 3304 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 3304 wrote to memory of 3280 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3304 wrote to memory of 3280 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3304 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3304 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3280 wrote to memory of 2160 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3280 wrote to memory of 2160 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3304 wrote to memory of 956 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\geckodriver.exe
PID 3304 wrote to memory of 956 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\geckodriver.exe
PID 956 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 956 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2184 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2184 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2184 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2184 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2184 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2184 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2184 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2184 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2184 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2184 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2184 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe
PID 2632 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI27642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI27642\geckodriver.exe --port 50038 --websocket-port 50039

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50039 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemGrMiE

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50039 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemGrMiE

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2632.0.344324390\256067224" -parentBuildID 20240416150000 -prefsHandle 1760 -prefMapHandle 1752 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {51d2f183-d6c4-45ac-b714-7d4f60abb6cf} 2632 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2632.1.999448581\1169554507" -childID 1 -isForBrowser -prefsHandle 2796 -prefMapHandle 2548 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {3b7e5342-e707-460e-939b-4207c0bc37fc} 2632 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2632.2.1197624131\626537803" -childID 2 -isForBrowser -prefsHandle 3140 -prefMapHandle 3136 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {c1c48b6e-cfc2-42d2-827c-9d51fc3af2e6} 2632 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2632.3.1533140171\267367917" -childID 3 -isForBrowser -prefsHandle 3548 -prefMapHandle 3552 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {d937a45e-653d-4167-b395-24f353f7615d} 2632 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2632.4.516065441\1681691879" -childID 4 -isForBrowser -prefsHandle 3316 -prefMapHandle 3328 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {edc42077-aebf-484a-a9d7-9b717bdc02be} 2632 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2632.5.677590934\373915090" -childID 5 -isForBrowser -prefsHandle 3796 -prefMapHandle 3800 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {42729140-ac6e-4d09-892c-3af31c7ee09d} 2632 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2632.6.1043483231\1676796349" -childID 6 -isForBrowser -prefsHandle 4024 -prefMapHandle 4028 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {e9845949-f972-4754-83ad-db5a68dfd2aa} 2632 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI27642\geckodriver.exe --port 50038 --websocket-port 50039

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50039 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezMHLUY

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50039 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezMHLUY

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.0.228428300\1731305648" -parentBuildID 20240416150000 -prefsHandle 1712 -prefMapHandle 1704 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {efa06905-a778-462f-b99d-d678e9272609} 3700 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.1.1449267184\544307482" -childID 1 -isForBrowser -prefsHandle 2816 -prefMapHandle 2288 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {0a99120e-96d2-4fd9-8f61-93ec395a80b1} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.2.19616246\1921622560" -childID 2 -isForBrowser -prefsHandle 3088 -prefMapHandle 3084 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {f73d5d04-d039-478e-9725-525fae99b978} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.3.94855428\400300372" -childID 3 -isForBrowser -prefsHandle 3160 -prefMapHandle 3496 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {6af90a6e-0ac6-40fb-83f5-b68a6951fc31} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.4.809786609\1672146734" -childID 4 -isForBrowser -prefsHandle 3672 -prefMapHandle 3668 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {9151c658-d28a-4aa7-8718-136ae142c720} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.5.2022996577\1351944594" -childID 5 -isForBrowser -prefsHandle 3768 -prefMapHandle 3772 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {cbcb93b4-e206-42a8-bb7c-15a2a5df1dfd} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.6.1398350389\1761539535" -childID 6 -isForBrowser -prefsHandle 4028 -prefMapHandle 4024 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {173d8454-7193-451f-a8ad-714bd906f1e1} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.7.1508046000\2082184606" -childID 7 -isForBrowser -prefsHandle 4620 -prefMapHandle 4616 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {9da2ac98-47d2-4fb9-88e0-24ae73fb853c} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.8.1836813564\1476316798" -childID 8 -isForBrowser -prefsHandle 4952 -prefMapHandle 5020 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {7553a172-0121-4ff5-ae0a-cd938a692cfa} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI27642\geckodriver.exe --port 50038 --websocket-port 50039

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50039 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilest8ecX

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50039 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilest8ecX

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.0.1612383804\2142003522" -parentBuildID 20240416150000 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {07c7249e-9b2e-4e68-b46b-a05b2a209c6a} 2016 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.1.659777621\2102658760" -childID 1 -isForBrowser -prefsHandle 2880 -prefMapHandle 2464 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {e225ccc1-d2cc-4dd3-821d-8cf8191969a8} 2016 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.2.1489373131\663780812" -childID 2 -isForBrowser -prefsHandle 2620 -prefMapHandle 2616 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {f3fc151b-7334-47c4-a408-0f129dd16030} 2016 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.3.536890016\438562693" -childID 3 -isForBrowser -prefsHandle 3556 -prefMapHandle 3636 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {d9fd55bd-72e9-4ecc-8061-546d871001aa} 2016 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.4.75309346\667494530" -childID 4 -isForBrowser -prefsHandle 3700 -prefMapHandle 3716 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {f33f442d-c709-40bd-8cd5-208f310cc9d9} 2016 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.5.1241968036\1424647232" -childID 5 -isForBrowser -prefsHandle 4048 -prefMapHandle 4044 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {3f2668bf-065e-4a16-91ae-6071e9652c1e} 2016 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2016.6.75110959\450685150" -childID 6 -isForBrowser -prefsHandle 4156 -prefMapHandle 4160 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {e585090a-5f53-4145-a197-f2e427fd7c38} 2016 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI27642\geckodriver.exe --port 50038 --websocket-port 50039

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50039 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileljRloS

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50039 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileljRloS

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4352.0.1436210224\892428046" -parentBuildID 20240416150000 -prefsHandle 1716 -prefMapHandle 1696 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {1244703a-074f-4a66-a9a5-4f5254627b4e} 4352 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4352.1.947392310\2102912414" -childID 1 -isForBrowser -prefsHandle 2664 -prefMapHandle 2872 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {7e22853b-8f7f-487f-bc16-6da869d227d0} 4352 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4352.2.1239519641\947282142" -childID 2 -isForBrowser -prefsHandle 3100 -prefMapHandle 3096 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {fa8f66ef-6465-4397-a2dd-b0848eec2978} 4352 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4352.3.211334951\686493831" -childID 3 -isForBrowser -prefsHandle 3440 -prefMapHandle 3204 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {35324b6d-3e4f-4029-9ea4-8c28af4cec9e} 4352 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4352.4.614173590\1966164659" -childID 4 -isForBrowser -prefsHandle 1792 -prefMapHandle 3784 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {1c31f6e2-9a22-49dd-9bf1-18e50440c24f} 4352 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4352.5.1992780615\2104169192" -childID 5 -isForBrowser -prefsHandle 3692 -prefMapHandle 3696 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {c7902e1b-76d3-4255-932b-f6e992513c52} 4352 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4352.6.1174125170\675220042" -childID 6 -isForBrowser -prefsHandle 4084 -prefMapHandle 4088 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {502ab6dc-c794-4899-a8ef-ed0798028e84} 4352 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4352.7.444112910\1092767445" -childID 7 -isForBrowser -prefsHandle 4488 -prefMapHandle 4484 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {81de0e9f-950c-4040-bada-0973a43c6fe4} 4352 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI27642\geckodriver.exe --port 50038 --websocket-port 50039

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50039 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileX8MvVU

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50039 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileX8MvVU

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4844.0.1668053095\75139009" -parentBuildID 20240416150000 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {4e389843-ea2e-47fc-9057-dea4b0fb0130} 4844 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4844.1.1731039702\412344463" -childID 1 -isForBrowser -prefsHandle 2308 -prefMapHandle 2336 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {a038c5d4-fff8-48ba-a536-0b8d23e943de} 4844 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4844.2.1446020304\1114354982" -childID 2 -isForBrowser -prefsHandle 3068 -prefMapHandle 3064 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {6a2f9230-0ff6-447f-8849-0811df388e79} 4844 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4844.3.1818774939\2000375024" -childID 3 -isForBrowser -prefsHandle 3068 -prefMapHandle 2992 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {ef01118a-ad36-499e-9999-ea3acd445a6e} 4844 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4844.4.1807342564\1863805066" -childID 4 -isForBrowser -prefsHandle 3848 -prefMapHandle 3844 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {037554ea-d1d6-4590-bfb8-16c0937da98d} 4844 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4844.5.690407078\816979722" -childID 5 -isForBrowser -prefsHandle 4008 -prefMapHandle 4004 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {0f075671-3ab8-4429-903a-ee315bdbb5fa} 4844 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4844.6.1149617255\1802978396" -childID 6 -isForBrowser -prefsHandle 4108 -prefMapHandle 4112 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {d6d3499c-9f27-4c4d-9b9f-082a6cdb4af3} 4844 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4844.7.1376112253\806398405" -childID 7 -isForBrowser -prefsHandle 4524 -prefMapHandle 4048 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\browser" - {e670f721-51ec-4171-991f-4b5753e4d1d3} 4844 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI27642\geckodriver.exe --port 50038 --websocket-port 50039

Network

Country Destination Domain Proto
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 147.135.65.134:443 tcp
N/A 127.0.0.1:50141 tcp
N/A 127.0.0.1:50143 tcp
N/A 127.0.0.1:50038 tcp
DE 195.122.183.170:9001 tcp
FR 178.32.41.33:8080 tcp
N/A 127.0.0.1:50038 tcp
N/A 127.0.0.1:50246 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50254 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50038 tcp
N/A 127.0.0.1:50038 tcp
N/A 127.0.0.1:50038 tcp
N/A 127.0.0.1:50602 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50610 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50038 tcp
N/A 127.0.0.1:50038 tcp
N/A 127.0.0.1:50038 tcp
N/A 127.0.0.1:51110 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51118 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50038 tcp
N/A 127.0.0.1:50038 tcp
N/A 127.0.0.1:50038 tcp
N/A 127.0.0.1:51443 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51451 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50038 tcp
N/A 127.0.0.1:50038 tcp
N/A 127.0.0.1:50038 tcp
N/A 127.0.0.1:51763 tcp
N/A 127.0.0.1:51771 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50038 tcp
N/A 127.0.0.1:50038 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI27642\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI27642\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI27642\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI27642\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI27642\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI27642\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI27642\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI27642\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI27642\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI27642\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI27642\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI27642\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI27642\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI27642\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI27642\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI27642\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI27642\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI27642\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI27642\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI27642\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI27642\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI27642\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmptj20yf4f\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus

MD5 d262b8dc568b34fa0a37e37335db737a
SHA1 477338dfa2a841eaadcdeadb210ed0e9e419241f
SHA256 b11b2168de48ecb6a5daec15e1d8eebc52fa4597d174d3a55a930466f665b0ed
SHA512 ae2b0b4477d7d61c2ccbc948041e79407a140919da3dae63486e47b30ed9c041519bd3ce3cee62bc3c2ed780650abb8c54002c4197c6611af512f39da8e56f64

C:\Users\Admin\AppData\Local\Temp\_MEI27642\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/2632-472-0x000001C47D9D0000-0x000001C47D9E0000-memory.dmp

memory/1128-491-0x00007FFFB7AD0000-0x00007FFFB7AD1000-memory.dmp

memory/1128-490-0x00007FFFB5DF0000-0x00007FFFB5DF1000-memory.dmp

memory/2908-530-0x00000247B7830000-0x00000247B7861000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemGrMiE\prefs.js

MD5 14140aa91c7d87c2e8239541f2d986f7
SHA1 b035c453843493e2bcf409911245b23ef8003b49
SHA256 84d89cc5d9533363ac03c059f4c3bcb104baf0f419031544e7f3f690a64ba8c6
SHA512 9bb5fcf165bbdc4c7aa746304b37e6a18d1317522598babead492501cc27ee3c70bf63ea7a60f0d6297c50f9caeb9b82a3be8d3ef94418bc458825cef5f99145

memory/2632-558-0x000001C406980000-0x000001C406990000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemGrMiE\extensions.json

MD5 0fc3e0da3400727f962544ca13f2f37a
SHA1 0bfba81be227c2e533a3fe62a2a856a04f46fee5
SHA256 ad3505bbbbf50b4875c87456485a9e31222d9815064d8cfa2070c1f5b839c6c6
SHA512 ce62d0baf1d3e4d75f903995a95a7e00c7baa01fcbeb857b55160ca4b07f80712958fbdbafbb0ea22db99162a9f13de9137fa28acc343e97250f2696039d55fb

memory/2632-599-0x000001C479350000-0x000001C4794C0000-memory.dmp

memory/3864-608-0x0000016E0AE00000-0x0000016E0AE31000-memory.dmp

memory/2096-609-0x000001A1A1F40000-0x000001A1A1F71000-memory.dmp

memory/1128-607-0x000001C87ACE0000-0x000001C87AD11000-memory.dmp

memory/4532-610-0x00000209BBEB0000-0x00000209BBEE1000-memory.dmp

memory/3644-611-0x0000024C9EED0000-0x0000024C9EF01000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemGrMiE\prefs-1.js

MD5 90af5dfc7c58767861b1145378896f27
SHA1 44d2cb0ca03d4a20914012563acbe23635acb880
SHA256 cd3666ab516a08cee2be2a9fde2d9fcd2c5dccb1ec17af596a6d0da8c3f15b01
SHA512 4edc41d51099311e89cc77ba32983badf1794597b02402f4d8852f1e465bf572b5beffa8bf556e07ea6491cf7eb5ea42c11b9cd2569307712474446a4a38d263

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 425217429aed563951d202d0a7e91b9a
SHA1 d14bc0c4e70c02e5c6436d89c191d67be7f24f11
SHA256 4daf6a431ee5db553532be638c02b86d99ad39a08d27d125e96276b185cfd249
SHA512 b38d5480919d6701441e9489a94b63067eb7f015775cd92b7c0c8b0af66ec880b3959ac3fcd2e10d97587514b73ce55353fb5f1c7cf4ae03b3a50b7e26494ac9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemGrMiE\prefs-1.js

MD5 341551ef546eef39ecc61123c9333d93
SHA1 b1426a832f3d1e9d6eeac13250deab23990785e4
SHA256 3d0d45a5e550da1a120799869a65112283747a60673a458af231943c312e3256
SHA512 b4c3ae9e68b663b95250b25686666de22011886a17b3490f062d18e4ad73b4771b8b3d7cbaa4f3d37a32965fb0145134e2fad0c0cb59e456a438d8e846d297c1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezMHLUY\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezMHLUY\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/4364-853-0x000001E1CBE10000-0x000001E1CBE41000-memory.dmp

memory/3700-880-0x000001FE82F40000-0x000001FE82F50000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezMHLUY\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezMHLUY\startupCache\webext.sc.lz4

MD5 9c90bf71a9c0f888cf5c1acde09535c2
SHA1 1724d3760fbacf7ce80f08178b7819b97dac6fab
SHA256 1b09ea34dbea9486dd863b15d04bcc3780a7f51d81196abcbed9cd4cc164260a
SHA512 2cd8e34fc4a032231c2f988dfd6293af618d4433ffa0cd4b68fabb9b78dbfd110b63c58e3591fe156bc9221175ef2741a6a85571ee1bd1f91218db72cf94b096

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezMHLUY\prefs-1.js

MD5 a8fa9ce077d198c42f022d7901916ad1
SHA1 74c9b378067069eed160f7692eded011d4eaddcc
SHA256 c209ba69e22090431d3f15969bf55d204fe08241184a09a24a8fe527132682fc
SHA512 50df1eff5251c5401125ed2048bc2af3c25a13dfe67ef3e7bb96503062a758e08c4c1e56d78de5ad9288819cfbe31c0de0091c105850e3df9897b2d7e57d6abd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezMHLUY\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezMHLUY\prefs-1.js

MD5 3b7cdc36336cdf30ceab0ca0291f7b4a
SHA1 7b2bb0d88ffda19669983e06f9127b4e469543d9
SHA256 7a081bd6ca78b7a47e565f3b0e3f5fb08ac4d6d96b6b9db601646aca262b2e8c
SHA512 092154f3131d44c7b89587dd2da28be62b96e49685cb7fc73ffc671a0ac5987d540ea9607784f7fde0dc5fbe083a00f3241d0a1e3dc378a50bc7a0040eb14bf7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezMHLUY\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezMHLUY\sessionCheckpoints.json.tmp

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezMHLUY\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezMHLUY\prefs.js

MD5 f9fefbe074468d2f15891b7509adb756
SHA1 7981a97990e66015bdde15a1871e33c452cd674b
SHA256 1cb05adfef2f9582a3fee7c44330d613024bce0fe2f38ee88bbd1e4671e50c0f
SHA512 0274aa25a80107a029feacdf7b25be171722b4043c7178c9c923c92c26cb54f6c984e068b02bc67c31aaaf7d530737426ea32b88b58fad7537a6bd005565f2ca

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezMHLUY\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilest8ecX\user.js

MD5 bf72efaeca553bdb9b0f59a3073e66bc
SHA1 14e15da843de8a07abcf867f39c10cea307bc844
SHA256 672b5e2f271dc8a02badfd51db41c36225d574c117ff1e196ace4fe60339f814
SHA512 c59e8a3140ab2f37c1c9ebb1832168c4aab83fb9777753e5965c9a45a62b6d5f5ffff77e9ec47d53c84f13c6d4fa65f62c089c15100e9e461befd06b53248ba7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilest8ecX\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilest8ecX\prefs-1.js

MD5 f32a2874c3c3c709c41c9a71220f8b57
SHA1 c3619d1c7e04e8524e9d8b8fbbaecfb09c9e5c42
SHA256 f1f6739c8f5ff1a6bd7ce76c89acd2ca7cb76764612f9ddde6e14f0afabeabe0
SHA512 35f33dd4285e1b8a0c52722e6771e99bb19cff3bdfc766280825ede0397541bfe0ab913016382e4cb84f86f3282f554f23e1e071abb4051e1c3caf1bf9090b98

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilest8ecX\prefs-1.js

MD5 6aae373a35636c5adb66b67be0c3c841
SHA1 329397e2993abdd148735ca7b422364be411a40e
SHA256 8c147628684c76b8ce0c9a871f1c05cf0b809645b02eb71c655b0d513ed343e7
SHA512 e2c08feaed0792fbb74169ac31ac7b98f5fe47e061caa73c4b8d1ec9e6c7cf5df5d1a73d97477a570ce384093a789092265be89430fb6f6169706c113f52aa5a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilest8ecX\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileljRloS\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileljRloS\startupCache\scriptCache-new.bin

MD5 0d5d9f976f2b8999d1f69a43d5729f9e
SHA1 ecf2d12b273c6cfdd498f4674858c2500dddf215
SHA256 da05366754a599278da39a867c0fce40e2e312d95107a892ae9e19b365a09a9f
SHA512 209872150e0876abd3e926f71be715da5531eefc01d341e474c65251d928fa08659ddb7775aae08f476797d955ac218066dbb749ee4b7e988b1308225d8fa005

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileljRloS\prefs-1.js

MD5 bb912c86789160f259813c9752fc967e
SHA1 594b9858d4d312ae37eb223784b421f75870fc08
SHA256 86983ad7705de2748c600ecd2438b30edb3ad6182e44727f73c3b289d459ba2b
SHA512 6777c01a49bcf244a937b93a23951b77a84709989e9178f0696a7b5cba71ddc3342b54eda2ba825fb4dca3863a88aa770f1d02fa433bc6803ffe480baeb156cd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileljRloS\prefs-1.js

MD5 4f5d51a02057bc38c2531a5d7d909f52
SHA1 6b80e06b8c60ee7d0d5727c17c3a288c86e6f675
SHA256 545912c424abdeea9e8d7e5cd47aeeccede433dddf14818673052fdbd4442270
SHA512 a20887f986e718d4f8410590e1b14884777920bdf00fa96e10ee28ff703b58a94545d546ec6a6cd7e3748e340446b0aaf07bbe0e4e42074437c4e66488145cbc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileX8MvVU\compatibility.ini

MD5 44090ce635d0c1ac65b4982625e8e55e
SHA1 e2961646081240a6108ea41e3a247108b22be7f1
SHA256 20cfdf39750ab808336c66fbb0fe39adcec250c4c9f5e8a7ed07d1682fce4913
SHA512 96f099bf43ef793ea69cb65c842378ca09c6404ec1e42a5004095333ef2f2366a8ee785bf4235576e10f459ccb86f87d3e6e5a8c357354303d26ea1c2f76a97c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileX8MvVU\WebDriverBiDiServer.json

MD5 03522078a67ea64d372770d3fb42798f
SHA1 4d4d2731e639bdde3ad2004e6d2db0af26281d6e
SHA256 9c9a62c6e0afe11592c5255489961825ef2bdb90978548965d850ae6f389a7f3
SHA512 b253566b300de855f54cf8b2cbaf7fb02948603f09f0c6a783ead968e3fd9f54d4aedfa9204e846f99498dbedc1a210a2807167d5089497b06d53ca7c3acfec3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileX8MvVU\prefs-1.js

MD5 0a388c9c1de4e74e7a54436640619334
SHA1 d5804d2e563aacf547c99ba73e3852d66e8f6fc7
SHA256 09cdd11f54cc23786d56e2cc1000271da90f008166f8939053a8af7e315ce3c4
SHA512 e464dd45b4e7b480a7c00823546e64a5fa7787e568ae7ba894effde1fd2bedf707134793aef566099eb46d81d01b04b1991cfa4576b32c43097be4063ca1d24e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileX8MvVU\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 b6809a9c91da147235a1181d9d6a6145
SHA1 8796b7186ce86d5d0b3bd086ca249008d72eb969
SHA256 637c61fd06108ca6fc6cf4fb01f5735bcc5a79ae2974a47f1abf587fd7ebc7c2
SHA512 00cb86236dd990b89abe92ef365d951485cf6bf7ae14274dd051a6312cb262f30cd9a6026b761929fa4892df6ee4246816996eea408e01752c9b526cf1bfd935

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileX8MvVU\prefs-1.js

MD5 fa9f0ddb0e9c765624600af01fcdd582
SHA1 5ab6e91c8f0c093f5d968abddf75c13afeb9503d
SHA256 ce3598832eb9e70c605bdf7acd64f5e0f9ca4a1486b77e046ce1b850fdd3496e
SHA512 f7208c1f3b946fbe9cceec5a33468ee8031bcbe69cbc8f3943ebd8915605c8081a46fe18d567c705516adb06e6cd4d0e8656d31cf24630960a5db14a61d2b0f0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileX8MvVU\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileX8MvVU\prefs-1.js

MD5 41770aaebf5c9a041b42f20a5ee00ecb
SHA1 4c41e2fc4c4d8ccda0f94fbefba30a667074ffa2
SHA256 53e36b8af99746e668ed3fa9e6733837acc869a98f68880f7de0cacd5ddf6cf0
SHA512 e5412c4e13b9fc92d3dc438a597c7f808ddfe4bb985cb44e271c04a8736d1b5391f07c3c1f50397a7433a7d7bd70968de2c608196341fdc1221f2a8b88f31ca5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileX8MvVU\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileX8MvVU\datareporting\glean\db\data.safe.tmp

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 01:04

Reported

2024-05-09 01:14

Platform

win10-20240404-en

Max time kernel

301s

Max time network

307s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1428 wrote to memory of 4636 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 1428 wrote to memory of 4636 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 4636 wrote to memory of 4884 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4636 wrote to memory of 4884 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4636 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4636 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4884 wrote to memory of 1516 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4884 wrote to memory of 1516 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4636 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\geckodriver.exe
PID 4636 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\geckodriver.exe
PID 4776 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4776 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4260 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4260 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4260 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4260 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4260 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4260 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4260 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4260 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4260 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4260 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4260 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe
PID 4764 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14282\geckodriver.exe --port 50041 --websocket-port 50042

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFkkBY8

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFkkBY8

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4764.0.1089484170\1464744514" -parentBuildID 20240416150000 -prefsHandle 1476 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {5ab745d5-7cf2-4be8-8452-f874505d3d41} 4764 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4764.1.2044347548\1564404529" -childID 1 -isForBrowser -prefsHandle 2536 -prefMapHandle 2520 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {789f4546-02d7-4f98-bece-83add0be0eef} 4764 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4764.2.1977931501\1731610134" -childID 2 -isForBrowser -prefsHandle 2976 -prefMapHandle 2980 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {0277184a-b187-429a-b926-fce1fdfcfef0} 4764 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4764.3.1463396537\760856691" -childID 3 -isForBrowser -prefsHandle 3476 -prefMapHandle 3500 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {40f8acef-60f7-464a-b9ac-0502610668ce} 4764 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4764.4.1940453251\1100263415" -childID 4 -isForBrowser -prefsHandle 2160 -prefMapHandle 2128 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {4b397811-fd45-4c4a-95e7-c0ba3e772a90} 4764 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4764.5.1723039720\1328759794" -childID 5 -isForBrowser -prefsHandle 3832 -prefMapHandle 3836 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {d1ab1857-979e-4011-a2be-cbfe39d2297b} 4764 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4764.6.965766830\437692837" -childID 6 -isForBrowser -prefsHandle 3948 -prefMapHandle 3952 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {506826bc-a15d-44ee-b9de-0958922c75d7} 4764 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4764.7.1670131212\969730371" -childID 7 -isForBrowser -prefsHandle 4292 -prefMapHandle 4296 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {b018dc24-9355-45ff-959a-cb29972bbd8b} 4764 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4764.8.33004404\1735785605" -childID 8 -isForBrowser -prefsHandle 4380 -prefMapHandle 3952 -prefsLen 25412 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {43207ae9-9e40-4c41-a5e0-73305e3e76da} 4764 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14282\geckodriver.exe --port 50041 --websocket-port 50042

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebNOqHm

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebNOqHm

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1312.0.2144695995\729914125" -parentBuildID 20240416150000 -prefsHandle 1472 -prefMapHandle 1460 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {7d16b819-165f-4fcd-84f0-3536bb748510} 1312 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1312.1.1487886755\646285590" -childID 1 -isForBrowser -prefsHandle 2008 -prefMapHandle 2432 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {3fce7c2a-dc8a-49a3-8a5a-51faa5bd3343} 1312 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1312.2.823078084\198074065" -childID 2 -isForBrowser -prefsHandle 2964 -prefMapHandle 2960 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {9226496f-dcfc-45c5-a6d7-58fd59d631b4} 1312 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1312.3.1295370805\1643403642" -childID 3 -isForBrowser -prefsHandle 3208 -prefMapHandle 3292 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {f23091f2-93b0-4abb-b739-6f7e96b6e73f} 1312 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1312.4.487309900\91607409" -childID 4 -isForBrowser -prefsHandle 3608 -prefMapHandle 3604 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {0ed5efdd-546f-4581-b218-996fe83a5e19} 1312 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1312.5.524208069\150081455" -childID 5 -isForBrowser -prefsHandle 3824 -prefMapHandle 3820 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {9f45e88a-f3f7-48fc-a0a2-0e24a54cfb63} 1312 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1312.6.693191890\684532991" -childID 6 -isForBrowser -prefsHandle 3968 -prefMapHandle 3972 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {8c177706-f7ea-4f36-8a84-a117a7f70312} 1312 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14282\geckodriver.exe --port 50041 --websocket-port 50042

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegyQLWm

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegyQLWm

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1304.0.1210602088\1440117346" -parentBuildID 20240416150000 -prefsHandle 1468 -prefMapHandle 1456 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {784e303c-5623-4143-9aa6-b62b6f695968} 1304 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1304.1.236978033\653065239" -childID 1 -isForBrowser -prefsHandle 2284 -prefMapHandle 2188 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {41b4590b-54f5-4bd5-bd77-9258ad567a4b} 1304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1304.2.1439427355\2011859029" -childID 2 -isForBrowser -prefsHandle 2956 -prefMapHandle 2952 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {e6045840-429e-4dd2-aa8b-752c899e6865} 1304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1304.3.2049397170\980097322" -childID 3 -isForBrowser -prefsHandle 3064 -prefMapHandle 3060 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {8fd90651-bea8-4440-a5fb-fee89069162b} 1304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1304.4.2131554219\1504428943" -childID 4 -isForBrowser -prefsHandle 3604 -prefMapHandle 3600 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {0430ef7b-9f4a-4c4a-bf71-685d7ae0f2fd} 1304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1304.5.1808882123\1826546275" -childID 5 -isForBrowser -prefsHandle 3748 -prefMapHandle 3752 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {753e12ad-8ec1-4eb0-a0ca-5a03ade8d153} 1304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1304.6.1836049744\1653859976" -childID 6 -isForBrowser -prefsHandle 3808 -prefMapHandle 3812 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {e47edcf2-2721-4336-ad4a-2f44d9a4fbe1} 1304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1304.7.926163319\1513495007" -childID 7 -isForBrowser -prefsHandle 4376 -prefMapHandle 4180 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {3b543314-6446-43e7-a4e2-05b98104fa81} 1304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1304.8.418073051\416777029" -parentBuildID 20240416150000 -prefsHandle 3128 -prefMapHandle 4348 -prefsLen 27558 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {5a427a5b-949b-4e94-ba4e-2e8fad09b0ab} 1304 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1304.9.1046771577\322775539" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 4188 -prefMapHandle 4220 -prefsLen 27558 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {ff1d7092-6673-45c1-a7ef-b2e660c5a01d} 1304 utility

C:\Users\Admin\AppData\Local\Temp\_MEI14282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14282\geckodriver.exe --port 50041 --websocket-port 50042

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileis54DV

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileis54DV

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2544.0.1417959659\709220518" -parentBuildID 20240416150000 -prefsHandle 1468 -prefMapHandle 1456 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {042b7a23-c991-422f-b1e0-0049bd745bb3} 2544 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2544.1.1162263141\831151879" -childID 1 -isForBrowser -prefsHandle 2196 -prefMapHandle 2416 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1084 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {6d2394aa-98e9-43d2-97be-f93bcf8a51fb} 2544 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2544.2.957072747\195324200" -childID 2 -isForBrowser -prefsHandle 2948 -prefMapHandle 2944 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1084 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {0092c486-3a09-4094-9d38-e195b57736f8} 2544 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2544.3.275785797\685235576" -childID 3 -isForBrowser -prefsHandle 2996 -prefMapHandle 2992 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1084 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {44bc5d90-ec52-45e0-a9c9-dfa9cf9ac8e1} 2544 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2544.4.1517755240\1504753883" -childID 4 -isForBrowser -prefsHandle 3636 -prefMapHandle 3632 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1084 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {51989160-de12-474a-8ce4-bf92d5791912} 2544 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2544.5.1171385666\1974465986" -childID 5 -isForBrowser -prefsHandle 3748 -prefMapHandle 3752 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1084 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {1f0c4caf-2775-4933-8920-f2efa4ed4098} 2544 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2544.6.388987528\903754955" -childID 6 -isForBrowser -prefsHandle 3936 -prefMapHandle 3940 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1084 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {fa3d4d3c-3812-4666-9bbe-a040b55504c5} 2544 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2544.7.917937031\2008652153" -childID 7 -isForBrowser -prefsHandle 4280 -prefMapHandle 2972 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1084 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {f44b0d27-40cf-452a-9928-70281d4f7988} 2544 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14282\geckodriver.exe --port 50041 --websocket-port 50042

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2wneIw

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2wneIw

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4084.0.365493943\1130407641" -parentBuildID 20240416150000 -prefsHandle 1476 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {8af3a662-8055-452b-b1d2-acfdee2064a7} 4084 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4084.1.681627296\558126350" -childID 1 -isForBrowser -prefsHandle 2260 -prefMapHandle 2292 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1180 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {9954b33e-2c3a-435a-a0cf-1e19db3407a6} 4084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4084.2.1254338338\1306930435" -childID 2 -isForBrowser -prefsHandle 3048 -prefMapHandle 3052 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1180 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {b80f1bdd-ddfc-4ea1-b1d6-1885137837b3} 4084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4084.3.2088246547\1869985495" -childID 3 -isForBrowser -prefsHandle 3260 -prefMapHandle 3244 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1180 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {7842204e-783d-47f7-94d9-ce95dcf6e9cd} 4084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4084.4.1315850290\527808383" -childID 4 -isForBrowser -prefsHandle 1348 -prefMapHandle 2564 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1180 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {4ed91a44-e54c-42e4-91a7-8d47a619644e} 4084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4084.5.945041426\279548488" -childID 5 -isForBrowser -prefsHandle 1360 -prefMapHandle 1356 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1180 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {dc6f9e51-5284-486b-b2b4-157fe2f5e66b} 4084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4084.6.144642701\1122295923" -childID 6 -isForBrowser -prefsHandle 4052 -prefMapHandle 4048 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1180 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {da153ca0-68b3-41f4-82ce-598a55a540e0} 4084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4084.7.1219067763\1192190450" -childID 7 -isForBrowser -prefsHandle 4320 -prefMapHandle 4324 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1180 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {1764dac6-60bf-4e91-8d4c-c34c19224ee7} 4084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4084.8.2085136773\1021967111" -parentBuildID 20240416150000 -prefsHandle 4296 -prefMapHandle 2448 -prefsLen 27720 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {f22aef12-1010-4216-a2a6-a2a07b282970} 4084 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4084.9.778316942\1880998980" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 8520 -prefMapHandle 8528 -prefsLen 27720 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {55c96445-8321-4dce-a675-e9477d055c45} 4084 utility

C:\Users\Admin\AppData\Local\Temp\_MEI14282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14282\geckodriver.exe --port 50041 --websocket-port 50042

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMulD3x

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMulD3x

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1904.0.1683785839\166934362" -parentBuildID 20240416150000 -prefsHandle 1472 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {6f7b4caf-2d6a-4d2d-9caa-d2a1566ced75} 1904 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1904.1.2012121497\341587850" -childID 1 -isForBrowser -prefsHandle 2316 -prefMapHandle 2564 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {70c18b0e-aa85-4206-b22c-61af3e5b7803} 1904 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1904.2.2132702327\1688791832" -childID 2 -isForBrowser -prefsHandle 3104 -prefMapHandle 3100 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {a80edb7a-c166-4ed7-89c4-2e45b3350722} 1904 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1904.3.1839935313\314884236" -childID 3 -isForBrowser -prefsHandle 3380 -prefMapHandle 3384 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {f3fff981-745d-4308-89fc-214619d3814e} 1904 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1904.4.1703654034\406075723" -childID 4 -isForBrowser -prefsHandle 3924 -prefMapHandle 3920 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {213c2377-7774-4e5e-ba5e-ab03b83bf66c} 1904 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1904.5.2098277271\75758518" -childID 5 -isForBrowser -prefsHandle 3936 -prefMapHandle 3932 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {f913ce4b-1dfd-469e-be01-0b6e09c15754} 1904 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1904.6.951364047\2089967252" -childID 6 -isForBrowser -prefsHandle 3924 -prefMapHandle 3920 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {361be1ac-0226-499b-822d-5ede288c77a8} 1904 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1904.7.661633222\614004411" -childID 7 -isForBrowser -prefsHandle 4348 -prefMapHandle 4352 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\browser" - {c1759a25-e756-49c4-8adc-f0acd13978af} 1904 tab

Network

Country Destination Domain Proto
CA 158.69.205.92:9001 tcp
CA 74.116.186.120:443 tcp
US 8.8.8.8:53 92.205.69.158.in-addr.arpa udp
US 8.8.8.8:53 120.186.116.74.in-addr.arpa udp
DK 87.61.100.125:9003 tcp
US 135.148.100.84:443 tcp
US 8.8.8.8:53 125.100.61.87.in-addr.arpa udp
US 8.8.8.8:53 84.100.148.135.in-addr.arpa udp
N/A 127.0.0.1:50137 tcp
N/A 127.0.0.1:50139 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:50240 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50248 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:50619 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50627 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:50880 tcp
N/A 127.0.0.1:50888 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:51220 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51228 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 90.16.208.104.in-addr.arpa udp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:51525 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51533 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 99.56.20.217.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:51906 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51914 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI14282\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI14282\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI14282\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI14282\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

\Users\Admin\AppData\Local\Temp\_MEI14282\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI14282\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

\Users\Admin\AppData\Local\Temp\_MEI14282\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI14282\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

\Users\Admin\AppData\Local\Temp\_MEI14282\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI14282\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

\Users\Admin\AppData\Local\Temp\_MEI14282\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

\Users\Admin\AppData\Local\Temp\_MEI14282\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI14282\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI14282\top-1m.csv

MD5 f2eb69ad23ae71cc9e9bc0a2c0bc0c35
SHA1 de05418d4823ac2c3ab706e384fb5d5c067be25b
SHA256 e4e0792a85e611979e5e77a05456f263a3537a6b6f0b511a3d475a31910f3149
SHA512 643f9b546758b00b2dd7af664b7800bf9981914d09719e0e374c9aff840d2b6679ac67c0a6de61bb2669b33c5ce8e3ff1363fff14a92b52af06b39e037284bfc

C:\Users\Admin\AppData\Local\Temp\_MEI14282\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 e4ed8f5ccef4b2d8f85e96e382a8a0fd
SHA1 a916aefb67104d555eca01a7ee88964eb1aa2a7c
SHA256 b60719dab2c1f3d172fb9e8b5970d0fa5bff367672b0c2fe1cc862a94b8ea9f2
SHA512 0573e828f4e2bb5e3e60cb9157011dbbb36520febe377d75fd822543d8ecb0cd553fb2592e821a699ef160e2a5a33a4aea93d48e1798fc6c8e14e5e1c95c4de8

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 549e54a44c7326c30548c998a1d16424
SHA1 d4375f9ead356aff85d60375b08db168195d5089
SHA256 fb2df7a858dbfacbedb5ce100bc71dff2b1e1991b2d574c1d3d46701ceea5433
SHA512 7325a6d2ed8cf43c4665f2cda3f4f9578de7a87cf70178eff7e927bb8b58f0dceff4b4bf6029593ff64fab052718cf2da8228275580071de2d0fb77fcb4bb897

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 dfa3a4ce64626cc3964d930ba7b9fdcf
SHA1 530ba947eb29f5e795c14025e3daab79b433a86e
SHA256 e4ba330d49ad29b868f5716e4d137f2cc141aabae38f598832b616a596183472
SHA512 1ec099138fbbdc0f01c25ee802467a3b994577a353fa995f4dc45182cca9b5703b98faa46da022af077f7dcb51a466775421e6bcac9d655d395a7f411061e0d3

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmpg7b4yino\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI14282\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI14282\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI14282\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI14282\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI14282\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

\Users\Admin\AppData\Local\Temp\_MEI14282\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

\Users\Admin\AppData\Local\Temp\_MEI14282\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\tmpg7b4yino\webdriver-py-profilecopy\places.sqlite

MD5 b5c12d055da1a860c64e12fa500bf3df
SHA1 a609d35d60c8fb3b95e1c6d8d632ab4abcb56577
SHA256 0d2bcf89b48e95fe3b4a9b58e6cd24c1731559bd15f43cb3adb7421f67f00ee6
SHA512 0c0c75e4048c51af99ca26f7eae072ca4d432b09802cab168c467ce1801603594046e1a873502546d76e7b573a182b47a145ef885a3b12c86cebce751a84a303

C:\Users\Admin\AppData\Local\Temp\_MEI14282\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFkkBY8\extensions.json

MD5 c5e679a91554bfc8e6c25a3dc8723f85
SHA1 12e5cee4eb161c27e850b869b84e2a18e3315368
SHA256 df0a6d90b159d3c2d138b68f2d01a1dfb523e4a4c534ba7c6ab835fe86a1ae2a
SHA512 8c2be874f3f42519109fdd73145e1838d49192beb440ea6162a07b5630539dc6b666fa374a023e471f9e4924bfb4687de4beb90d27d289eb08483d29d39d338c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFkkBY8\prefs.js

MD5 3dd428fcbaa322cd2ef22a1dc0d970f5
SHA1 531c6a4f9527c71f4f934959c6ab085f68af4fb6
SHA256 5e0495ba39f7b863de34ca49a4e6711c942b133a2d3054bc7b11b67df59aea89
SHA512 e2f9825888a33ac0d1a82a93c47b35e93055d9ba5deaee5e0703da4d64ef9bfe1f418908b0e83bce938cad808b8acbde782b3694c501824d44d7cccb366dd2d6

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 d262b8dc568b34fa0a37e37335db737a
SHA1 477338dfa2a841eaadcdeadb210ed0e9e419241f
SHA256 b11b2168de48ecb6a5daec15e1d8eebc52fa4597d174d3a55a930466f665b0ed
SHA512 ae2b0b4477d7d61c2ccbc948041e79407a140919da3dae63486e47b30ed9c041519bd3ce3cee62bc3c2ed780650abb8c54002c4197c6611af512f39da8e56f64

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFkkBY8\prefs.js

MD5 e746fbffebacdc215d62e775f2b8c2f5
SHA1 f4ffb92f3a27dcd3efff5cc4763792d19d02a862
SHA256 019cea96c7f0d0088b1a45bc7291aa04bd841085048c547c91ea1c84a23e2154
SHA512 b78fe8c30b02b5cf5d7b6e0e4f06de9ab2500ddb2957c6fc0edffdee79831c30b235ffa5a224a26d266e63a835bec1449d3fe17d026c3dd73213061b59e708fa

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 f9c19f7e4478563ed60b3942a4017ef6
SHA1 7094a37994f24166c3672ede7e485c50010264f4
SHA256 632cc57b22218a30ae84f066a28ce56a0d03053656d1749afc802d51241b762b
SHA512 4569f05347b7da2dc45f54aa1b9cf38c7076c9b18b93c4ce6af23ab91111c07b7dcb9ad4d55b6fff4b3554cb03a2db83aa9866269a6e1c23d1c5138ce5b65b22

memory/4764-575-0x00000284664E0000-0x0000028466650000-memory.dmp

memory/4764-592-0x0000028472530000-0x0000028472540000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFkkBY8\prefs-1.js

MD5 f1fb4411c214a45f4e356195892e7290
SHA1 784e1bc7cc01d4759fb4cc787cf856923fc05834
SHA256 d1a4ec9207b2b5b0e243915a899271c101fda4c86e3297a32f003c5442ed59fe
SHA512 227c17575ec24b075d6e7ea3297ec1489031e053601615ae03bb6416daf9701c71c304cce308c9e64437d9fb87ad225f226d18c8db0a61d24c8eb916b1e1b3c2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFkkBY8\prefs-1.js

MD5 295f468861df9e52ddf71b470dde6642
SHA1 8593344c3029c595b4848e33b06b511812274672
SHA256 0e7c61c4fb91cc73c70548d5df1bfc292b8a0e4035282bdb5ff600a795c9b179
SHA512 61d2670df9ae2bd11271495cae66b51aeb3645e6af5592a9fa1e3ccf71545d81f117dc0c4636cd7f736c12ca335ae7ba0410e5eac9dabaf8632a102a9c3e61d8

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebNOqHm\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebNOqHm\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/1312-842-0x000002222BCA0000-0x000002222BCB0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebNOqHm\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebNOqHm\startupCache\webext.sc.lz4

MD5 1b799cc5b6cf681cfa54d37c8ce8cb06
SHA1 2f0fae44eb2fe74542df923e37f0c7e23a74fd17
SHA256 ce654b3257aec215ee980682aa6a48628dac50252a09301efe8686ff3f406a03
SHA512 10263e878623c9375095f150a83e5fe42fb5feccea139e107d37b2337f0c68c4f8a47952247d7e8517876a12dcd696202b8ecdf115577c0e416a489a280451d3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebNOqHm\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebNOqHm\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebNOqHm\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebNOqHm\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebNOqHm\prefs-1.js

MD5 814916a34795c21860ffc9c72651a82a
SHA1 700aaf9e32a7d318859ae00542e97463be6a54d4
SHA256 be99da447fab63a9b04a2e75ff58465dead4ea327eb48d754783710388d9a4fe
SHA512 f147b65363fbc582443f4308a9c62e9cf30f97a205c08a343ed40119b810037c4c618c89185d8919bc941a7cfc7ed15565202318cb79f8f7eeb02560b469b898

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebNOqHm\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegyQLWm\user.js

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegyQLWm\prefs-1.js

MD5 77059cd2b71fa311ec61ac696feb6466
SHA1 ad006dd5a561e5430ba448387c356fd7cbe5d9ff
SHA256 c5ac07dc5fcf3056449b76afe2802cc8f3ee370076c99376cbd1a46b5474bd19
SHA512 0119bc1ec64aef400fe43768207638a89ed2f22cbac68d14bad645abf40bdc468e257764e512a7a0577fe2b5d2121f53622ad981e05e62931764e0dd8aea8ad8

memory/1304-1145-0x000001EFC6700000-0x000001EFC6710000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegyQLWm\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegyQLWm\prefs-1.js

MD5 2fe4ccaa62610c6ee168632f82ba55d2
SHA1 e8f35e18578fc38b8d77fe6d608bfd9c93901682
SHA256 53f3a52d570b3ca57ed14b787bd5a993ec1ea3892eb7aa2bb9db0cc952b6c854
SHA512 fad6d60e0ba91f6355a0d341227968e7e504057248b3318e549235d16a7ec3b7ee08dcba45c492c1d03fb407b6dbe851e4532ea16e483cbb51894c64f79cbfb1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegyQLWm\sessionCheckpoints.json

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegyQLWm\prefs.js

MD5 04c9645aa144cc7b0fdc15f30d1a6927
SHA1 bd2b265285ac3b78112334719c11300824ef6646
SHA256 8c12ca283ed39ef9caa185e493aa738fd0adfb203d6b6cd4bb6aa171fa2d71ea
SHA512 1ebe90add40ca8c736039c48916102243e57653e5b98a02a7313e23e8b33a1ca9d0c955ee56b53822f48dd40f941dd521c88e58300a7ebc43a7ca5eb63279339

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegyQLWm\prefs-1.js

MD5 93b0e81f5c7d50c78c8a8320523aa98d
SHA1 ec99a7c5c0ef7cff5cf2a48a290357119add2a22
SHA256 b66bc34a056ede2265f38c8f5eec32a01e489301bcda90460302d8b6d9ecfd4c
SHA512 f6258a1a1b19b5a543bd269cab6e026573c6b64f11d758b37c03e4c22afaa56f7a8a55a79dd1077df70ccb6f165c11e9deec30e2d3b55ecefc4dbf07e883fc0e

memory/2544-1384-0x00000268ACB30000-0x00000268ACB40000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileis54DV\prefs.js

MD5 a798646c26564a05670ca528ea3781db
SHA1 806e19c5035cd9b1ce7655b1abe256c2aed40ee2
SHA256 8e5aa82a79613c25e8604860b99bd98ce3fdd624cfc0468788f14a9eadf9f1bf
SHA512 5b9470fe8f18531dfda3e5793641b9f50b5ef7d72327f1f440a56bfd204b9dd6106cb5cc4347c2b3c27e78b72c11c12ebda4cdd66176533eacacea39df18c224

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileis54DV\prefs-1.js

MD5 bec9f0ef7ddf5c7dbb6b685f844fbec7
SHA1 7807ab0d01e7a46310fc6622c9cb91c8a8a2abdc
SHA256 5468c1b56cb00350a682279d5ad0108efafa44796782f0598b091c64fefe508c
SHA512 0d89603d7cb362d7d9e5d589a321a9707d5ee3fb69c4f58041cade39f5f5ecb437dcec490a5d38b209c03116f369a708355ffedec4d53fbf868f8a4d468e61d6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileis54DV\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileis54DV\prefs-1.js

MD5 8b9df583c2623021c014ac800cae350d
SHA1 6a4ffd264e5c22133fd1e6812a5b6e146f2648ce
SHA256 2355de9ca28fd6ae8a13f65122fcac9cfae7eb3eb21397aa966cfd6e79089705
SHA512 612cb9a4f01059b5da3118eba0332ba82cc7539c9d7754d4ef16d8b5fc105b745126fa57aeffbdb93c4ef8ec1055bf50d91b4997accffb016747df42cf8c192e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileis54DV\datareporting\glean\db\data.safe.tmp

MD5 7fba44cb533472c1e260d1f28892d86b
SHA1 727dce051fc511e000053952d568f77b538107bb
SHA256 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf
SHA512 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2wneIw\compatibility.ini

MD5 4b2a5661e7386c01d3644bcf0add88fb
SHA1 87e40b39c2b05ca1dce3129cacadc08e1bd1bfb3
SHA256 90f08e0eb5b427e4c9329cb9c7e953674993ffc1df401664e9790edb6e63422f
SHA512 52f396213526d279736818de53cf1f383b9c2c3fa103753d107729eedcd9ce398df6ccb2789e3d35d201a619bd29b9b7c2f7082d91101205862d03f1cbc89a1b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2wneIw\WebDriverBiDiServer.json

MD5 664bf25ca745a78554701dae9cf12ff6
SHA1 4b1450aa2e9d47d45e44b59ebb17176e6fd690fe
SHA256 e3a5d63d3d67f61e58cffea8db997596659344bc6ccc52788605d8458f808cca
SHA512 ad2378b86cacb84a24a89bbd82fffe996c748cdc9d9eced788a158d2e5c0063cdb7388fb388a864eca81d0eea10f65a31a886747b8392eeaba46ada525880191

memory/4084-1662-0x000001F105DF0000-0x000001F105E00000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2wneIw\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 e25d620172fae26d6373133c1a025ee5
SHA1 9581715690a7ba968d748aa31be0efb77676fcf6
SHA256 6ed314482d498545588241e8f14a2b82878b945843096c7cc4fdd70a8298af0d
SHA512 d763466f594a9822b2580fd4321c689e766c9e6f95702dbcdd00721cecbc343aed14f26e20a56cf093fb9bd859c3c058e5bf92c4bd8408608f15820ad5cf6b54

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2wneIw\prefs-1.js

MD5 ddc097663b3323d1b8100791fe30c29b
SHA1 0b6a3d3dadf4f619b53b66e9e19f2ef1390b0612
SHA256 7a3d051a4089ae7d8eb6dcb2a46b0a2333f8ef85eec6306d371e1d73f62ea5c2
SHA512 abb4c563941c90045094c569e413f3c6d1b12afe541c970ba138144b92a6997eed4581a8c5d4d7fde486f304f929b49a527932c4450dd03de01a0a60636710eb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2wneIw\prefs-1.js

MD5 2d0ca44ef441d477001056386c841f3d
SHA1 b0a15f0e85a8cc6d1801899467aacc6f2780ce89
SHA256 4431d84635990e7722eb5b69b82133725978e498c9d341ed60e2e12e9a68320a
SHA512 6c6f68e57bece69282a752ff7923e436d65fb9575d190552fd9019a0fb165294b1ae326ae99e0cd30ae21a1ad8764999187bd87017e82a3147a813f796c13f0c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2wneIw\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2wneIw\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMulD3x\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMulD3x\prefs-1.js

MD5 39120d313f1892a51875d56a5c3bdb9f
SHA1 77b205629b263b33213096162293e8c1e1b474cf
SHA256 e717363429dd114e46ea1711222176b0cd1675dc9582fec2a07747d0149e1616
SHA512 aa233404ca804110c4a7286331a44ff694e078ac2ae5ce69417a40dc23e6c31d5386e74e051c04cf52a85d5fdf9a1605c8c90c005095c2064afa63152bef2bce

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMulD3x\prefs-1.js

MD5 7b958f8924732f083dd894fc83bfd5c4
SHA1 4248fc9e1f2e87e0b4c699f18cd3fe8ebce46f7e
SHA256 779e76949124cdf7e7f2315ef2ac633b085bc220257e3f26bf01ca7baa4f5eaf
SHA512 a3c980b0a3528b46df9b567c6ff822bdeb1136cefa59b47733a2620a8577822ceac9a9d3eee2e11d91b656244c8ddf62e831c88a3a301311c1b334b247b3d272

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 01:04

Reported

2024-05-09 01:16

Platform

win10-20240404-en

Max time kernel

154s

Max time network

319s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4372 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 4372 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 4468 wrote to memory of 3232 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4468 wrote to memory of 3232 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4468 wrote to memory of 4740 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4468 wrote to memory of 4740 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3232 wrote to memory of 4452 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3232 wrote to memory of 4452 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4468 wrote to memory of 644 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\geckodriver.exe
PID 4468 wrote to memory of 644 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\geckodriver.exe
PID 644 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 644 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 2420 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 2420 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 2420 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 2420 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 2420 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 2420 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 2420 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 2420 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 2420 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 2420 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 2420 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe
PID 4704 wrote to memory of 192 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43722\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI43722\geckodriver.exe --port 50065 --websocket-port 50066

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50066 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilery6aqV

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50066 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilery6aqV

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4704.0.1000112502\1440510044" -parentBuildID 20240416150000 -prefsHandle 1472 -prefMapHandle 1460 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {c7ecb4d7-7ef2-4661-9407-f7bedb5ff234} 4704 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4704.1.892354504\1227724900" -childID 1 -isForBrowser -prefsHandle 3116 -prefMapHandle 3092 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {5e68c5fa-5d9f-4b81-aefa-23b180179078} 4704 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4704.2.1222245922\1911455286" -childID 2 -isForBrowser -prefsHandle 3428 -prefMapHandle 3424 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {6d32f7ca-9fe7-4f6b-8cea-bef2d09207cb} 4704 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4704.3.1540399883\58626172" -childID 3 -isForBrowser -prefsHandle 2328 -prefMapHandle 2720 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {2b9ba263-c605-41cf-ac82-f439b13e5196} 4704 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4704.4.664922750\2142497335" -childID 4 -isForBrowser -prefsHandle 3492 -prefMapHandle 3496 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {7f522a95-da05-4d62-9a08-ca8e953ecd8a} 4704 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4704.5.741529901\1600466639" -childID 5 -isForBrowser -prefsHandle 3616 -prefMapHandle 2940 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {5ec14906-21b6-4986-9cea-4dc5c0144dc7} 4704 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4704.6.1977840786\80106382" -childID 6 -isForBrowser -prefsHandle 2808 -prefMapHandle 3588 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {dda3e7f8-23e5-4866-91de-2c2fcffe6f8e} 4704 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4704.7.432212709\328883118" -childID 7 -isForBrowser -prefsHandle 4200 -prefMapHandle 3544 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {3b7b01a3-aec7-4623-b1e7-5aa98d9d2c20} 4704 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4704.8.418531133\1330526910" -childID 8 -isForBrowser -prefsHandle 4444 -prefMapHandle 4164 -prefsLen 25580 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {b8db90a6-c53e-4620-ae3e-da8d516fa8c5} 4704 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI43722\geckodriver.exe --port 50065 --websocket-port 50066

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50066 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRPkByp

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50066 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRPkByp

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4404.0.714235884\1767714646" -parentBuildID 20240416150000 -prefsHandle 1504 -prefMapHandle 1496 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {4688a178-6a1f-40ab-810b-f85c78642dd9} 4404 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4404.1.1446702327\2075829323" -childID 1 -isForBrowser -prefsHandle 2092 -prefMapHandle 2324 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {aeb9bc8c-1057-47db-b906-e801a9d787af} 4404 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4404.2.92987053\539325513" -childID 2 -isForBrowser -prefsHandle 2468 -prefMapHandle 2464 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {081f7ada-a95d-43b4-af3b-7040de5bbab1} 4404 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4404.3.196992059\349750719" -childID 3 -isForBrowser -prefsHandle 3132 -prefMapHandle 3288 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {b49cff77-e573-4818-b0ef-ea7331f921dc} 4404 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4404.4.752660905\1659155508" -childID 4 -isForBrowser -prefsHandle 3656 -prefMapHandle 3652 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {ea9672ae-e2e7-454d-9842-6bfe3a6ccb90} 4404 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4404.5.1917825793\1643263501" -childID 5 -isForBrowser -prefsHandle 3812 -prefMapHandle 3816 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {46a0b285-5bb4-4bfd-b4aa-f48c83d89ba5} 4404 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4404.6.521714821\492698853" -childID 6 -isForBrowser -prefsHandle 4068 -prefMapHandle 4064 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {e237f5a4-fe9b-40cd-8065-44e06fc2d0dd} 4404 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4404.7.1724320043\900948929" -childID 7 -isForBrowser -prefsHandle 4268 -prefMapHandle 4272 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {1aba90c4-050b-4c34-9542-cb770a323cf0} 4404 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI43722\geckodriver.exe --port 50065 --websocket-port 50066

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50066 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile09OcxY

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50066 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile09OcxY

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="1248.0.44807791\963409262" -parentBuildID 20240416150000 -prefsHandle 1504 -prefMapHandle 1480 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {f0f26a26-291b-4807-b348-79ce9d2d5b04} 1248 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="1248.1.580151093\1982136450" -childID 1 -isForBrowser -prefsHandle 2452 -prefMapHandle 2624 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1068 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {a3bac41a-29d8-4001-a49a-90a9725c4def} 1248 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="1248.2.468428942\1924504194" -childID 2 -isForBrowser -prefsHandle 3044 -prefMapHandle 3040 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1068 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {6c646749-8c5c-44b7-949a-62266cf997ba} 1248 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="1248.3.1105703235\1892801503" -childID 3 -isForBrowser -prefsHandle 2460 -prefMapHandle 2328 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1068 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {6180f086-f7a8-496b-894a-ae30e7319dfd} 1248 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="1248.4.1270478582\469859242" -childID 4 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1068 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {b469d9db-910f-44bf-aef4-a2175ab31ecb} 1248 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="1248.5.643704191\191373314" -childID 5 -isForBrowser -prefsHandle 3804 -prefMapHandle 3808 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1068 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {39aa2be9-9e20-4b60-be1e-05333216d4c5} 1248 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="1248.6.1623208160\1623845562" -childID 6 -isForBrowser -prefsHandle 3980 -prefMapHandle 3984 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1068 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {6eb05683-d0df-4c12-9a4f-2d5dd6cd6f72} 1248 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="1248.7.1206133614\122674536" -childID 7 -isForBrowser -prefsHandle 3644 -prefMapHandle 4368 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1068 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {36e49c1a-4594-4f71-b30c-dc4a9b897f4c} 1248 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI43722\geckodriver.exe --port 50065 --websocket-port 50066

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50066 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilera2dhp

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50066 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilera2dhp

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4616.0.1067388916\377419123" -parentBuildID 20240416150000 -prefsHandle 1492 -prefMapHandle 1480 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {5192e617-98aa-4e50-9b35-e7526154b70b} 4616 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4616.1.22480362\821323194" -childID 1 -isForBrowser -prefsHandle 2912 -prefMapHandle 2768 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1068 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {b15b9fcd-a9af-4571-8a3b-26af045ac616} 4616 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4616.2.706571666\2028923355" -childID 2 -isForBrowser -prefsHandle 2512 -prefMapHandle 2488 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1068 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {44ac7166-8b8a-4f07-88ea-7b39d0277f58} 4616 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4616.3.2000738595\908422906" -childID 3 -isForBrowser -prefsHandle 3400 -prefMapHandle 3396 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1068 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {dc5cd4b2-9964-4b25-aa3c-956a88389f5f} 4616 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4616.4.561187428\876357943" -childID 4 -isForBrowser -prefsHandle 3660 -prefMapHandle 3140 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1068 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {6a465927-f231-401e-ba67-870d9be81c36} 4616 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4616.5.985837373\1476642057" -childID 5 -isForBrowser -prefsHandle 3800 -prefMapHandle 3804 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1068 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {2292da48-6b04-4be4-b5d9-dd3ff04b9ce3} 4616 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4616.6.164863997\1414410940" -childID 6 -isForBrowser -prefsHandle 3432 -prefMapHandle 3524 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1068 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {3f16c8c9-89c9-4931-898f-6bbfc6bca957} 4616 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4616.7.758552908\884731532" -childID 7 -isForBrowser -prefsHandle 4432 -prefMapHandle 4428 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1068 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {e131bdac-5029-4e57-ba6f-b21f08c9f664} 4616 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4616.8.40093355\782900976" -parentBuildID 20240416150000 -prefsHandle 8476 -prefMapHandle 8480 -prefsLen 27407 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {ed146bed-3ebf-4fdd-b44d-ad83630a9286} 4616 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI43722\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI43722\geckodriver.exe --port 50065 --websocket-port 50066

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50066 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileoK1No0

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50066 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileoK1No0

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3992.0.1907171231\1553684185" -parentBuildID 20240416150000 -prefsHandle 1488 -prefMapHandle 1480 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {468ce3df-8cc6-409d-a0a7-09fed05561f2} 3992 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3992.1.126991062\827133477" -childID 1 -isForBrowser -prefsHandle 2492 -prefMapHandle 2644 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {d697f03e-c753-4061-ac1f-124b47a0de47} 3992 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3992.2.1090039427\519620266" -childID 2 -isForBrowser -prefsHandle 2568 -prefMapHandle 2492 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {07fd9f8b-8016-4dcc-9ee4-97693c98a3b8} 3992 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3992.3.1152733579\692168255" -childID 3 -isForBrowser -prefsHandle 2944 -prefMapHandle 3308 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {a4bfb8be-4be4-4c5d-99c8-edd12eadbc10} 3992 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3992.4.452076168\1357600504" -childID 4 -isForBrowser -prefsHandle 3188 -prefMapHandle 3204 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {bc87c0ae-3329-4d34-95bd-fc3afc808051} 3992 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3992.5.351715731\417951128" -childID 5 -isForBrowser -prefsHandle 3748 -prefMapHandle 3812 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {c750767b-cc3d-475d-8f89-f1102044fb1f} 3992 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3992.6.135054006\823888092" -childID 6 -isForBrowser -prefsHandle 3928 -prefMapHandle 3932 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {ae052722-e83a-4ee9-bea3-2fd9d7ef6cdb} 3992 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3992.7.664937125\500731769" -childID 7 -isForBrowser -prefsHandle 4344 -prefMapHandle 4348 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\browser" - {9ae7d01a-a944-4b62-8cae-3f617d513ae0} 3992 tab

Network

Country Destination Domain Proto
DE 92.60.36.153:9001 tcp
US 8.8.8.8:53 153.36.60.92.in-addr.arpa udp
LU 104.244.75.74:443 tcp
US 8.8.8.8:53 74.75.244.104.in-addr.arpa udp
MY 61.4.102.51:9001 tcp
US 8.8.8.8:53 51.102.4.61.in-addr.arpa udp
US 209.58.145.210:443 tcp
FI 95.216.12.30:8000 tcp
US 8.8.8.8:53 30.12.216.95.in-addr.arpa udp
US 8.8.8.8:53 210.145.58.209.in-addr.arpa udp
N/A 127.0.0.1:50168 tcp
N/A 127.0.0.1:50171 tcp
N/A 127.0.0.1:50065 tcp
N/A 127.0.0.1:50065 tcp
N/A 127.0.0.1:50264 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50278 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50065 tcp
N/A 127.0.0.1:50065 tcp
N/A 127.0.0.1:50065 tcp
N/A 127.0.0.1:50649 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50657 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI43722\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI43722\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

\Users\Admin\AppData\Local\Temp\_MEI43722\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI43722\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI43722\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI43722\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI43722\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI43722\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI43722\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI43722\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI43722\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI43722\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI43722\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI43722\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

\Users\Admin\AppData\Local\Temp\_MEI43722\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

\Users\Admin\AppData\Local\Temp\_MEI43722\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI43722\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI43722\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI43722\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI43722\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI43722\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

\Users\Admin\AppData\Local\Temp\_MEI43722\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmp2t4an1wa\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI43722\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 d262b8dc568b34fa0a37e37335db737a
SHA1 477338dfa2a841eaadcdeadb210ed0e9e419241f
SHA256 b11b2168de48ecb6a5daec15e1d8eebc52fa4597d174d3a55a930466f665b0ed
SHA512 ae2b0b4477d7d61c2ccbc948041e79407a140919da3dae63486e47b30ed9c041519bd3ce3cee62bc3c2ed780650abb8c54002c4197c6611af512f39da8e56f64

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilery6aqV\prefs-1.js

MD5 f14330761c9d99b872d9543ece64eac5
SHA1 d0d41f8f441c9cc09cc8959d00ca18ce7db16288
SHA256 f338c668f049d4ccc06e73973a535c28db188b538104c2946aa8d1cd9dcd408b
SHA512 66d7ddb1a640d7505e7a3d175e3de3e569bfd09aa2912c6e2debbca0c8f856311aceececcb920e9c8763715bfcd2d414fa92902ac4e81daace7f5050b5d20fab

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilery6aqV\extensions.json

MD5 b81dfb5fde34fdcc6233f0459252956f
SHA1 cc4cbcb1703c9458096a4dc284ae68d2f24792e3
SHA256 2a559a4efb723112e334993f59806dcdf37752ba1b72d8ed73591b2928c736e9
SHA512 17c321306174e62f7712eb0e934c5aa978901046ce3b921443d3df0c6fc0ba1a0fcffafc3822843a97ac661bfc86cba662fbe55c918b1679b242e54b84838be9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilery6aqV\prefs.js

MD5 12901d432c306c7c95a9dc388f6f4b7f
SHA1 ab37f69fe72a19fdde035c20b8edd0809e0ba2bc
SHA256 cd15a8b2baede1cdc42f3411da2e36330fc4d2313032ea7741c8c1f589756489
SHA512 d9e98728f19bd92512b638be5c13c6bbf7d8137c659c38ca4e1ca71d6bc61ace62791eff8967fb14bda46841d9b093f00242125af01aa4336495ef2a6ef6a73d

memory/4704-589-0x000001EA05FE0000-0x000001EA06150000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilery6aqV\prefs-1.js

MD5 755657ff6161c20dbac56457c5af8217
SHA1 d55163fdd9043ad75197dc214e234964975d5818
SHA256 35fda8dbb7208a4354ee04274790093c99a2b5dc048a9fd7cfef05ff94e3e473
SHA512 773ee41aea57646d3084ac0250d5268ec51cea02711d8c97a1e22d42b4b72a3c297b98b3ecf848f866359762a527f7636f74935e149142b62f1aa4906b349802

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilery6aqV\prefs-1.js

MD5 073bff58c6774602a7135b295458a462
SHA1 5db49e321b2c560af8c75728e6b66e2bd66a9b9d
SHA256 5fe57a018f63b1eb51488b8ea489833cc352ee86d1ebf72f343a96e7928e9952
SHA512 9e729781ca340af6379878b96c26efd26050e63bf9e6842fb5acde74d9b1a74330576db27ad8dceee14202f0469f06ae75350111c6b66f5288323ceef6c364f9

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 4f0e32de1a51b68489e9b0191174300f
SHA1 685d0460cd447165a1cc4179520cf1ba99201dec
SHA256 18ac3db13dbb554a3791875dea8e8ac11da26c6b85cdd0ed8d70c30e204e7665
SHA512 2a7b08e108b5ac8781468b33810c58f740feab13c2e78cfb01cc7fd55d34b36c05a17c621a90d793c4bc2bc72f3b9ae2dc83a3c6c630d86522bf716ae5966590

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRPkByp\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRPkByp\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRPkByp\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

memory/4404-871-0x000001C8EB5C0000-0x000001C8EB5D0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRPkByp\prefs.js

MD5 ff03ad088fcd69e39bbcf3fc359a00ad
SHA1 6126e52d0a53345b9b85bd141bf9d8f8b44bb70c
SHA256 1b599c5a94c07fb0e1ca71fd035d726644a4a69f4c7ad6608a3fa9db9114f704
SHA512 5ad926fee5bf5abe7f1678730fd35fb30076cd03787f34518be5abbd87778305ccfe7087e545de13c97dc68dfa816d51ad771675d4a65cb4842dbb29347c89f7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRPkByp\prefs-1.js

MD5 6efcf49df7a9004e0eac9635ebbf7353
SHA1 8cc9240043cf4a1d0f868aef01db80f7c7332652
SHA256 db4c1ea8eb357c144eb36d1d1764f0790983a4f6fc776fed90c62fc30ea29f1b
SHA512 600296cf2ebb9bc5896f5b821e230d847b97f4ff70af6019199c9b6f6ecd0e496a3023467f67f843287a65d670253862e5a5489fe1942a126f76b4026da5a297

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRPkByp\startupCache\webext.sc.lz4

MD5 0e2ffb0f54c7536957fb7e5ac35b8b5d
SHA1 0c19a5d7970a67209df799be8ce7c82fec3afeb9
SHA256 8046350f59a175395e7cb9ece65378d11d6528b21ecf61a340c75b8ee83ab786
SHA512 e5901ecbcf67647478fa7804045a609918a288a4126d6c06b12fc33335ea8875c43760b8b58f61eb082dd20415e94c1888c57815698c68fc1a49396ff07c0e98

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRPkByp\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRPkByp\prefs-1.js

MD5 4b387e8f449e203f3f7625d3a87e4e4d
SHA1 2ad91c043a12e8d9061a9a4e1a01486489289c48
SHA256 d3c37ccb4f57f5e6237ba7ed1df5a1ef6ea855a56392e9bdab7684304574b12f
SHA512 aa786dedf5f8cdcfbad04c917518cc93f51377acbaa711e096cb660fe8820d0480e316eeea22bd7d7486cd5a671b7f763a606ab59186e3aa15f9a431601a94d5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRPkByp\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRPkByp\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRPkByp\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRPkByp\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile09OcxY\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

memory/1248-1155-0x0000020F44C80000-0x0000020F44C90000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile09OcxY\prefs.js

MD5 f6ad8d7b93a44094357295cc90edca3a
SHA1 8d7a21d58a728652b70200c8d75fca4c61af9b7f
SHA256 52f2d5530ce0494afebd4a778b28463d6d39d017ec9d14bdf03b15d8143a09a5
SHA512 a8b2e53194e1740bbd34868d71d000f853cea99aeaabd227669984b112ee926ac32b2aa1a90b220ebba45266bb0678dbbcff250cb6d63c44ee0675b8d23e5b61

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile09OcxY\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile09OcxY\prefs.js

MD5 16a188876f9573a2875b2daa19ce0bf0
SHA1 26a6ee4e95884a297834616984159a9ba041b65c
SHA256 efbd96578a76a36f4fa15beb76e025f78cbb1f232a1fa811ef75f24b3f9f375c
SHA512 aaf1a3e5e3046eb0f6fcb9f9727a79b7587ecc2b05eda976b1368980110eb414d69ec0da7fb4a939e0d0c42e2098eb1acb57352d701c6f2fd331be9d1f87db4f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile09OcxY\prefs-1.js

MD5 e39941944c7d3f3d41c186245ea1a398
SHA1 1c20b68005696077d97fbdb63a9e900e503e5be9
SHA256 6a2ea5560911df9eb15b1d72f1a7eb3ecb83dd6b25af8b0c7ca7a0e5de62bbf2
SHA512 d98e204cd6a818fce7eb53b8aaf8a1726c91db28bc68d93ac78d4b5ddb16bcfe9acbf8bfb9b1714c10eb6b4604ab5d0121712c5649b4d843cd7c987667ba2102

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile09OcxY\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile09OcxY\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilera2dhp\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilera2dhp\prefs-1.js

MD5 377076e42242fc94da5dc2ad2544e0f3
SHA1 e105cc56655857eb9b80186f0081163815c0cfd5
SHA256 3a86c3cc9543a4a13be47e8ad737c91b0b29be89686f231363f4d7af1ba3ea4f
SHA512 f771fd4f0f421de5cf62e85d4428140a683e2b6623db945548549b1f98e41afffe8429793f10abd874baa359b442910c681a9bfcc402794b3cb28e34dd87fc56

memory/4616-1445-0x000002A5154D0000-0x000002A5154E0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilera2dhp\prefs-1.js

MD5 3e7eb89af7ec125d1c82fc7f86fee8a9
SHA1 956f0623625e47e745f8edd7722540301a409d29
SHA256 77c374edcd22ac5368ebf75d181b7d379f4eeff60398a7a6be3a67c7c5934e84
SHA512 bd75d472ba270f8155b8d392cd8eefb62897ab9fb6cfd579013c34bb4b3fa9e6e1c7904a01fd1b8f8d9f3e0a9c2988fb4b3659b023df8ae052b0b89a5b2cadae

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilera2dhp\prefs-1.js

MD5 a0477655e28ff70e00a1e040451a64d6
SHA1 882daffb1414177facf775eed24b765cfeb9fd1e
SHA256 22dc602d4bccbd8c10368062c276cb77ad8746631482d106ba5f4a34aeb122ee
SHA512 b18dee8a94d475caf975538d37b8848aaf7aeac5db1875fb0c91187c7668402d368f4afe1b7c3da6ebac8e6f4620a727f4dcd428ee94aa01d07f2f3dea556709

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilera2dhp\datareporting\glean\db\data.safe.tmp

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileoK1No0\compatibility.ini

MD5 7321df56b858ea376f439394cce8d9d9
SHA1 1bc3e59f423d68c93f3aa780b61d70da39dc021c
SHA256 5756f4a5835abfa84d5d951db4bd39b6ba2d3f4513c28fbec36cc6ef1160fed3
SHA512 580bcc4e0563b04fc67b789abcc9dbbbab03acffe44a1bb578fcd42c4e96bdcab6653edd371f32a19db2716067f9afc9ea3904a88975dce32293d080161de472

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileoK1No0\WebDriverBiDiServer.json

MD5 81cbdbaf00b7276e30a62c219285a851
SHA1 8c3ed54981f6c503a2f20b04f578dbd015ded4b9
SHA256 6a6c86b03ac288c7208bf9c8f6e7a298362a9c4680f473c1601b9cf9f59c4d61
SHA512 9373a83f2e89af78f15734ee941f9faf8ca79faf4b607c55079e8fc510e38570afcac5c83a1d806dfb7f82554889e11aab57130aba95555c9db2f90cb4762032

memory/3992-1723-0x000001689A4E0000-0x000001689A4F0000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-09 01:04

Reported

2024-05-09 01:14

Platform

win7-20240419-en

Max time kernel

300s

Max time network

312s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1740 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 1740 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 1740 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 1560 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1560 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1560 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1560 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1560 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1560 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 556 wrote to memory of 1764 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 556 wrote to memory of 1764 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 556 wrote to memory of 1764 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1560 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe
PID 1560 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe
PID 1560 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe
PID 2260 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2260 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2260 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2628 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2628 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2628 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2628 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2628 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2628 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2628 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2628 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2628 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2628 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2628 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2628 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe --port 49468 --websocket-port 49469

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiW7UzB

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiW7UzB

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2944.0.157093655\27264242" -parentBuildID 20240416150000 -prefsHandle 1196 -prefMapHandle 1188 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {468dc7ed-0938-4de9-96fa-d95bd52ba5f9} 2944 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2944.1.1885634531\2009248767" -childID 1 -isForBrowser -prefsHandle 2032 -prefMapHandle 2028 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 904 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {f09e356a-4643-4e55-936f-314fe7f629cd} 2944 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2944.2.660271617\2126883267" -childID 2 -isForBrowser -prefsHandle 2200 -prefMapHandle 2124 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 904 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {8ecfc214-e872-4fd8-8c43-59e7008a38e3} 2944 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2944.3.560469632\1168322045" -childID 3 -isForBrowser -prefsHandle 2428 -prefMapHandle 984 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 904 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {844aa6ce-88f5-45ea-8dde-6684e1f064f3} 2944 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2944.4.790052162\412999014" -childID 4 -isForBrowser -prefsHandle 2820 -prefMapHandle 2816 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 904 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {d0a9276e-4ad6-454c-a0c2-dfd703d13d28} 2944 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2944.5.1484311466\381740220" -childID 5 -isForBrowser -prefsHandle 2960 -prefMapHandle 2864 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 904 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {4a537a6c-294e-4d40-9476-97d49e343e10} 2944 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2944.6.1128979439\388501438" -childID 6 -isForBrowser -prefsHandle 3104 -prefMapHandle 3108 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 904 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {5d928730-eed7-47a8-8e2b-1ab879781acd} 2944 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe --port 49468 --websocket-port 49469

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuxUcaL

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuxUcaL

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="1620.0.874396095\1729584087" -parentBuildID 20240416150000 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {cd6d4b9b-06f2-4e17-9280-b33bd870cc8f} 1620 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="1620.1.1538697545\2084489973" -childID 1 -isForBrowser -prefsHandle 1836 -prefMapHandle 2000 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {98557686-e826-4bdb-8adc-6b0e722dc6b5} 1620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="1620.2.1203811010\479055070" -childID 2 -isForBrowser -prefsHandle 2232 -prefMapHandle 1108 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {3365ee76-2406-41c3-84d7-968e1af43896} 1620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="1620.3.248527884\1346188236" -childID 3 -isForBrowser -prefsHandle 2660 -prefMapHandle 2268 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {dba8c6cb-cedf-40bd-8747-9fcaaa2f99c2} 1620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="1620.4.1508342113\1794197131" -childID 4 -isForBrowser -prefsHandle 1084 -prefMapHandle 1080 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {21b567f0-7c1a-4b89-baa4-3ef897f27f63} 1620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="1620.5.1183139471\766085400" -childID 5 -isForBrowser -prefsHandle 2932 -prefMapHandle 2936 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {7261ac4a-abfc-42aa-87f3-dea5a09c9094} 1620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="1620.6.156020316\1617410920" -childID 6 -isForBrowser -prefsHandle 3088 -prefMapHandle 3092 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {26f75ac6-6c9b-4daf-b094-d7366f153e32} 1620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe --port 49468 --websocket-port 49469

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecg5ETm

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecg5ETm

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="916.0.1202294770\842604780" -parentBuildID 20240416150000 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {e0cbb96f-6f88-460f-9228-6ce84ffd2c60} 916 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="916.1.1225160491\206118810" -childID 1 -isForBrowser -prefsHandle 1984 -prefMapHandle 2020 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 768 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {70570839-b82b-41cc-8e8b-7839ac7e8216} 916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="916.2.1281133535\638706157" -childID 2 -isForBrowser -prefsHandle 2212 -prefMapHandle 2260 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 768 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {0100b0fe-085b-4d32-8e9c-02d87d5cd7a3} 916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="916.3.1122968453\1149510024" -childID 3 -isForBrowser -prefsHandle 2428 -prefMapHandle 2032 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 768 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {2a6e7f14-1e07-4919-a203-5fc00c2d88b9} 916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="916.4.664776087\1700880809" -childID 4 -isForBrowser -prefsHandle 1092 -prefMapHandle 2792 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 768 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {7ff50feb-f560-429e-b491-ca26659ee3b9} 916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="916.5.1111784165\107821886" -childID 5 -isForBrowser -prefsHandle 2936 -prefMapHandle 2940 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 768 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {398f447b-435e-4c97-9f8a-37325f69c0b8} 916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="916.6.271536072\1922560807" -childID 6 -isForBrowser -prefsHandle 3108 -prefMapHandle 3112 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 768 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {cd2c9af6-d6bf-4972-a1be-500338552599} 916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="916.7.426644914\1484701620" -childID 7 -isForBrowser -prefsHandle 2780 -prefMapHandle 3368 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 768 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {b9280749-6f6c-461e-a651-3b4b6e14cdb2} 916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe --port 49468 --websocket-port 49469

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevRarwK

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevRarwK

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="1528.0.1274360452\392412541" -parentBuildID 20240416150000 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {b9bc613a-86b1-4ddd-a036-56a9b4066795} 1528 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="1528.1.2084678658\77676408" -childID 1 -isForBrowser -prefsHandle 2096 -prefMapHandle 2104 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {bdca4bc4-ff86-4c58-b6d5-ccb0607e2d5c} 1528 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="1528.2.380348698\1503649840" -childID 2 -isForBrowser -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {e6450b86-e280-482f-92c8-dc6b784608cd} 1528 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="1528.3.1313607728\646344982" -childID 3 -isForBrowser -prefsHandle 2656 -prefMapHandle 2660 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {d33ad280-8c85-4537-b188-c970bb6ebe80} 1528 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="1528.4.723780562\1350861560" -childID 4 -isForBrowser -prefsHandle 2824 -prefMapHandle 2820 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {03ee0917-0346-4ccc-b4d7-ee72647bbef2} 1528 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="1528.5.1288293444\1873037717" -childID 5 -isForBrowser -prefsHandle 2944 -prefMapHandle 2948 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {e70b8fad-f4dc-4155-b35d-5fb51968485f} 1528 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="1528.6.1690142047\1920268941" -childID 6 -isForBrowser -prefsHandle 3096 -prefMapHandle 3100 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {7fc14f6b-ae38-4176-8656-f7297d9dfb5d} 1528 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="1528.7.1219959848\967549777" -childID 7 -isForBrowser -prefsHandle 3396 -prefMapHandle 3384 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 788 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {4e949d4d-d157-485c-b158-8af66c86dd4f} 1528 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe --port 49468 --websocket-port 49469

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexR0bWA

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexR0bWA

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="920.0.760942044\513119616" -parentBuildID 20240416150000 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {6f3cf477-1b3b-4214-82b0-a6082366c5dc} 920 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="920.1.550512830\189301851" -childID 1 -isForBrowser -prefsHandle 1704 -prefMapHandle 1832 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 884 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {b20a4069-4573-4902-b3e3-793e68890680} 920 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="920.2.196540872\551692323" -childID 2 -isForBrowser -prefsHandle 2364 -prefMapHandle 2368 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 884 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {3c1e7ea2-1a94-424d-a780-585161f255f3} 920 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="920.3.1942893255\1690296457" -childID 3 -isForBrowser -prefsHandle 2360 -prefMapHandle 2332 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 884 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {1860d227-bee9-4760-988f-11affb67712a} 920 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="920.4.1454214916\2053915676" -childID 4 -isForBrowser -prefsHandle 1084 -prefMapHandle 1080 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 884 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {3efaa718-625f-4df3-bbcb-5a89bd4edab2} 920 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="920.5.260737816\799077242" -childID 5 -isForBrowser -prefsHandle 2932 -prefMapHandle 2936 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 884 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {84001ade-1b2b-4fd2-b17b-1bd72c5bc7e1} 920 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="920.6.219103297\1101600900" -childID 6 -isForBrowser -prefsHandle 3088 -prefMapHandle 3092 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 884 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {f18bc45c-0bad-4f28-b4ef-b0dcb6ff6465} 920 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="920.7.2025205954\2114301020" -childID 7 -isForBrowser -prefsHandle 3488 -prefMapHandle 2980 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 884 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {1c0cf8e5-d573-47c3-b054-889b78c63579} 920 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="920.8.1760288800\711539773" -parentBuildID 20240416150000 -prefsHandle 1656 -prefMapHandle 1964 -prefsLen 27407 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {1501b294-f678-4ad7-bcba-91c7a8541761} 920 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="920.9.778618646\499636976" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 1664 -prefMapHandle 1672 -prefsLen 27407 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {59ff400a-f975-4e44-b24b-a79b3529bbe8} 920 utility

C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe --port 49468 --websocket-port 49469

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWbtL07

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWbtL07

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="916.0.1504366597\236303458" -parentBuildID 20240416150000 -prefsHandle 1244 -prefMapHandle 1236 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {75cc8223-9d9e-4750-9451-680dac192af4} 916 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="916.1.1953863110\929972870" -childID 1 -isForBrowser -prefsHandle 2044 -prefMapHandle 2088 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {82f36e39-5cc5-4531-aead-f70df2c51244} 916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="916.2.15936624\1149352577" -childID 2 -isForBrowser -prefsHandle 2308 -prefMapHandle 2416 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {6c626bb4-f672-493f-941a-b3a16bb8b31f} 916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="916.3.1213608740\247904863" -childID 3 -isForBrowser -prefsHandle 2348 -prefMapHandle 2404 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {4b395b94-4cce-40ef-8fb7-d486200c0840} 916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="916.4.1589290000\2143907465" -childID 4 -isForBrowser -prefsHandle 1076 -prefMapHandle 1072 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {89023cfb-cf3e-4f5f-a739-5d747b793612} 916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="916.5.696097685\1155507798" -childID 5 -isForBrowser -prefsHandle 2960 -prefMapHandle 2964 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {1ff4c5e5-779b-4aea-a1cc-14133d7f0eb0} 916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="916.6.1088478794\465848567" -childID 6 -isForBrowser -prefsHandle 1072 -prefMapHandle 3124 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {1a3f2311-f9c7-48d9-8686-49e09defe3ab} 916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="916.7.664715536\1878762513" -childID 7 -isForBrowser -prefsHandle 3500 -prefMapHandle 3504 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {c23ac7bc-5ba6-404b-b545-d07977ebba30} 916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe --port 49468 --websocket-port 49469

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledXswGg

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledXswGg

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="3044.0.516531371\10924740" -parentBuildID 20240416150000 -prefsHandle 1252 -prefMapHandle 1244 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {cef25c8f-73b4-4c4f-a668-d5e5b1bfd596} 3044 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="3044.1.887124623\1895317756" -childID 1 -isForBrowser -prefsHandle 2064 -prefMapHandle 1992 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {6451faeb-25e8-4f15-8f09-3dadda6cda38} 3044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="3044.2.676861934\283779606" -childID 2 -isForBrowser -prefsHandle 2440 -prefMapHandle 2376 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {2cc16fb8-ef61-4f2f-b132-9d2dc4b2d10c} 3044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="3044.3.245197240\891926268" -childID 3 -isForBrowser -prefsHandle 2712 -prefMapHandle 2716 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {ae084398-f451-4d65-9fab-b51d6309ccda} 3044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="3044.4.1772404887\314883790" -childID 4 -isForBrowser -prefsHandle 2820 -prefMapHandle 2816 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {f5795eea-3336-4249-a72c-0e23cc80a6d3} 3044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="3044.5.1579213851\325329077" -childID 5 -isForBrowser -prefsHandle 2940 -prefMapHandle 2944 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {5dd6767e-ab1d-4829-999c-b83cf17812c6} 3044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\firefox.exe" -contentproc --channel="3044.6.1314895318\1611417753" -childID 6 -isForBrowser -prefsHandle 3100 -prefMapHandle 3104 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\browser" - {16139406-95b7-465b-b7bd-765ac1939f0c} 3044 tab

Network

Country Destination Domain Proto
SE 95.215.45.138:443 tcp
FR 45.13.104.185:9001 tcp
FR 137.74.164.213:9001 tcp
DE 162.55.84.59:9001 tcp
N/A 127.0.0.1:49513 tcp
N/A 127.0.0.1:49519 tcp
N/A 127.0.0.1:49468 tcp
N/A 127.0.0.1:49468 tcp
N/A 127.0.0.1:49676 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49711 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
FR 178.33.36.64:8080 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:49468 tcp
N/A 127.0.0.1:49468 tcp
N/A 127.0.0.1:49468 tcp
N/A 127.0.0.1:50182 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50217 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49468 tcp
N/A 127.0.0.1:49468 tcp
N/A 127.0.0.1:49468 tcp
N/A 127.0.0.1:50625 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50660 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:49468 tcp
N/A 127.0.0.1:49468 tcp
N/A 127.0.0.1:49468 tcp
N/A 127.0.0.1:51156 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51191 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:49468 tcp
N/A 127.0.0.1:49468 tcp
N/A 127.0.0.1:49468 tcp
N/A 127.0.0.1:51679 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51714 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:49468 tcp
N/A 127.0.0.1:49468 tcp
N/A 127.0.0.1:49468 tcp
N/A 127.0.0.1:52272 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:52307 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:49468 tcp
N/A 127.0.0.1:49468 tcp
N/A 127.0.0.1:49468 tcp
N/A 127.0.0.1:52813 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:52848 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI17402\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI17402\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI17402\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI17402\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

\Users\Admin\AppData\Local\Temp\_MEI17402\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI17402\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

\Users\Admin\AppData\Local\Temp\_MEI17402\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI17402\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI17402\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI17402\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI17402\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI17402\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI17402\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI17402\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI17402\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI17402\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI17402\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI17402\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI17402\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI17402\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI17402\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI17402\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmpl_erffk1\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI17402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiW7UzB\extensions.json

MD5 13c9ad91792a21c759c198ed3dab7316
SHA1 a9efab02f65daa914bf967e3c28ed55e634822da
SHA256 a2d9f8a38970d0eda50510cd6f9c97e564eb7ae3d535caec836b7c4207691d8d
SHA512 5d147ea66e76338e627a664e333b8969749c6b37c91d2fa5a11e87d4b1144f35d7f1cc6b5ba960b9324f36ca33851bbb82bec72b23df8dc54615ff1ae3a6a251

memory/2944-667-0x000000000BA20000-0x000000000BA30000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiW7UzB\prefs.js

MD5 91a9f49dc6d9e3da0d11d4fb707225af
SHA1 4d656ad09507758c7a085f9e088a542788e1ba7d
SHA256 4e5729d1e523912f03510429fd979838febefde002765ba569d5bc9af09f9bf1
SHA512 1463a2d60e9bc55ecf8aa4174d610297e6549e01ae96544b567805ff1971a78b665abb347748b1b14d38e516580691939da16bd0810a69f37f02eeda80d2bf7c

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 4ff9642f52583bc350c02059a7c14d0f
SHA1 a5fef571e4bdeb432716dedfd63158bdb2436efe
SHA256 98e4991e11845767a74208dc892148d22e32d30856aac756a586e6f01720ff5d
SHA512 0834cac44315adec41daf3dbebf6494a07e00d1206a86cdb8e917c638cf81491759b70f5f2c463ed9b8a5676b1903c8c72c0707633ebe5671247b4abf56e457b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiW7UzB\prefs.js

MD5 65b519aae29f353df8956cf770c72dce
SHA1 e0715e71a204c96fd2e8281163d8665e01e52d19
SHA256 bc4add1f5861c89d892719c3ecbd1d7ff56c675003191863b6ecb0f35de1ad08
SHA512 005e35d9d0368173688db536806f795894d14ce4ec13734f0e7215b8a0a9e6ac52f5210c5bfd6eb34e07a4bcdc4c594917e102aa5629ac22478d94c6406e2322

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiW7UzB\prefs-1.js

MD5 308f72619822d2165fa5d7aa95bea13a
SHA1 55dd7c7a19d5267b91f21681465be7743665c45a
SHA256 8cb896a24a6d21fd348c31d27e06624882433eb1bb786848d16b9d2942a4af63
SHA512 fdc739b684f354fb8f2a20ed34c56f30797253e4a4282af8598242cc0f370ea483cf29a309ee81dcd6a99c5a89cbfa912f3987e4f6503be61648ce2442a6e808

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuxUcaL\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuxUcaL\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuxUcaL\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuxUcaL\startupCache\webext.sc.lz4

MD5 362c3268b9870f0295e83afe500ffd7d
SHA1 fedad1d4e6a017789fccd72ef78613e3a43758bb
SHA256 e845f2bbf37e69ab707aa5ea7540d6142215aa9559580ef4ee8826cdc551c74b
SHA512 928c5f7af896953ffaf66e00f556499c31c3a70261db257abdd8cfa9ed0c2b7e6510f4dc5cc1664c00206acd49803fe0e85333cd3766642e6c0f637851886649

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuxUcaL\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuxUcaL\prefs-1.js

MD5 38d1a45ba079e65c838991f95ed39496
SHA1 075363b2b5dd120b81d1c5d83f870af6791c52c4
SHA256 d82d20d64aa7e23e2f84bccc724469cf5f9c683940db6b554eb4f3d97abedff8
SHA512 da6b860079b99270bcee89a36d12d9eb002574d62a88ef7e4fb27c34db0eeca225d30c05b12ed24e2a79bf23b62f2399cfa4c209cecdc948718c4f3cc86445bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuxUcaL\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuxUcaL\sessionCheckpoints.json.tmp

MD5 c543c589f3219b3a444ae60b83e2b08e
SHA1 e259a2fced0248129e02dffb6e0f01c4b33783d8
SHA256 65f9611478b292ef0f493dfe7c2443e2d4e32f7f1999ad4fb71bfd5949503d27
SHA512 ff2083db0cc99bfaf0f2e10dea6ba6812e1cf32021d826a222948dd8b207dc592cda88c6ecba499ab50e6bf9eba75b0d53110492445b7babeeaa2b12512b01a1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuxUcaL\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuxUcaL\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecg5ETm\user.js

MD5 f0ffdcbb298131b561dc0ba711ee5043
SHA1 360d240f3eea96d437ffc9b7be91adeeb60815e2
SHA256 6ac4fd52bf3c261d3c062291e7371ebcbaaab9a4b78a4ef89b35c476d1346687
SHA512 5667cea94a74744fbded9645aef5a33c321ef57e28f3cd759d0d5782a2beb251ecab6d756f7029bd47ca811fc1473ec5bc31b7a802d5599478033b105def2b77

memory/916-1603-0x00000000035F0000-0x0000000003600000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecg5ETm\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecg5ETm\prefs-1.js

MD5 3ff9ed57e40ce3819589d3f67e6649be
SHA1 d21d4b9fcd8fde0b74a3a3cc936536ffa2d4b888
SHA256 01e445a666ba68629493c2663700612cdd7f3db4a8c6bd04a4a7129368da318f
SHA512 61e738e1bad8090a695616556bdd708ef0293c6a079f049f84f558f7a0538014d1cd542ab009804934e7f93a23b2688efe8fbb92430958e22a91b4b403236d25

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecg5ETm\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecg5ETm\prefs-1.js

MD5 90f301a94170458d9c9c6e732b419a75
SHA1 5742d3a03535427dc6468b9b1b076af9ce6423fb
SHA256 97ab2d65253aad699d0f5ac6cdb10c54f1315044df1a24af00a4884959fee79d
SHA512 049a3f2e8d29c6803cbaf7a5999a6c65bf21698bfe396c53a18f2439a0f59a665e8ac8106345c12f0175375970ad0c8c6b88a0f0a0852f266c037ff6c64159c8

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevRarwK\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevRarwK\prefs.js

MD5 5cf82673e1d68b6c363bcd6978c3ae22
SHA1 0fb90665ca0a769615d7ea1cc1101444131c0498
SHA256 c4c996b3ccbbb9ad3072b47bbc8f7aeef896d5b2504116c53719549a9fd675de
SHA512 3b0e780d06184ded7da467cd479f833c0e2c236e57a02e0ba3fbd8c478bd6e2ad47beb134f4e2dfc7a9089050cfe116fab9cf33550382c4341675a15c81a3c28

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevRarwK\prefs-1.js

MD5 6c807d9161e4f63def04bf4f428cf13d
SHA1 46f3281d1100b144f73e5079fa5f1c654a91e25b
SHA256 5c77c7f672706636383918d6daa1e6f3a7f2b61f84ededdbd32aace93174dc84
SHA512 7e26a22eb83993a5abed60b327ef60902955fb1fbc4291bcf44180727b3ddce03be1fae3924d16350dcffe13057428491dca8eb6384d80a5c89a2cbf15ee0f61

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevRarwK\datareporting\glean\db\data.safe.tmp

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexR0bWA\compatibility.ini

MD5 7c46c8299cc4f8781be38593f6df4bd3
SHA1 a4201efdaa39939cb15d3eb54cfa2e7a8b416952
SHA256 e1fb0d935dfdfb40ac0c36cd55198ba424db5c6cfc5ca8968e02e1bd4f388be9
SHA512 e06b5e19eb722a4d27e5f82489e4f21b243a182364097b7c866ab753ec593b55f90af5a2f99e078a085fb52bab555c74472708ac56d831989d7f0ae4b31957b3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexR0bWA\WebDriverBiDiServer.json

MD5 f89966ec9ce917366d5784f887aa862a
SHA1 a045128ca2bbf70282f2c357add7d1a87aa243e5
SHA256 ac45c0721e0b1b30884b847b46ba04a5e1b4dfab7ca1b37c4bcf62b3582620ef
SHA512 1d24f8fb64a76f34d706c23f41e88e7f9b8a281c926cccdb41c21c61ae893f2ab22218a10aa6d4b958426915ce8389870ede2c51c51ce8ab4f32d7cdd161d4de

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexR0bWA\startupCache\scriptCache-new.bin

MD5 d7c83dfff8be98d3c2da38be05dce821
SHA1 ba0f16bc6ad99ee65d67f55ca02750c2c7eebb8c
SHA256 a71b9746fc192e2fa55ce1e528dc8df390ad4d1826692467047ca54f12ecc968
SHA512 159a8863bf10888807ca3193c8518888134de5127a6251c64cbe9db974da428e927a8ce000ffda0c4871a06490c710101cd18a911cdbd54cdb277b90da06f707

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexR0bWA\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 175a4c2102e02d54335533ea4f395ea0
SHA1 32015863fc3b3efa38f36a3f6ae046e379a0fc63
SHA256 298f55e4bb4b3349d82d3cbc4d108bea58467e6bdb3a900f4619b1b7f080cb4a
SHA512 f1e5e9536d468f13dc1e5e486bfdf7f26c8bffd2e09949ac637feb520383d28e10246f8d3a399249d05309f382815d706bc75b31a7e4dc7247548fadf7a2824b

memory/920-2698-0x0000000008340000-0x0000000008350000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexR0bWA\prefs-1.js

MD5 29ed5eff377c196e0fe4a6ccda5b1417
SHA1 c2545853ada6145adb4a26ba78b8e9c6d54cf203
SHA256 27af15f668ad6f9b59257909b358156a1f774ebd52d7584df28c47e7a398f6e4
SHA512 fbcae56c8dd421e879b579a27c58b280edfc5a54bd662c05e2c79edcb4d1f79bd7c4614a38cd766628dc7bd02c04f0c16b678cb3a084fbbea6aaabb31a6206c5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexR0bWA\prefs-1.js

MD5 edfa572474c9d36d3998295b4611f7ef
SHA1 856ba1f3de2ac02d310b2ddf93a0479215a34b2d
SHA256 f5848f1c6ef6534af2aa210897a14320a4babee82b63e9df308abe164fdadaff
SHA512 bb8747290ca4db9938a475613891ce6106b8549311153335570cee3e7af012d71f67ea800342c7a456d93a28a15849e544d04c7de5e0d5906c9a7e12b47f0c73

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexR0bWA\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexR0bWA\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexR0bWA\prefs-1.js

MD5 dad10f76cba37e4b391d990eb68a11cf
SHA1 58f44e42ea88c660d9a5cd90e0f83e4c663ceff1
SHA256 c77438bdfc942f9c717ced302471b535f8d58fbc0492b57a118118e9eb70afbc
SHA512 958e2586a147d8fe33e3055223f2c5a5d0904e1d4052ffd0e8cc8a7742af25c19a3666a7db8f53217879010ee6e6a6080be8108bf8c0349a32c3ef9d3740b789

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWbtL07\prefs-1.js

MD5 06cc0b5cd11e69641de186236ce8ff2f
SHA1 67fea38357b955d1118fd0cd38e3455121bd0e54
SHA256 5f4890202029755dac9eeb4f25f859a134d2b8442da95ddc8ca795f8ba641fe7
SHA512 597d1ca3a72d7d04f4d03fb31935c2ee191c800178f796b551e2f7272d2725df43d3ea2fd7ca17f7d00408947575076d9d6b1be6eae629815e339d73fb9dd440

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWbtL07\prefs-1.js

MD5 2a4ba3337625f16d2347100fc3acbd98
SHA1 ee6845e9e803361f14043c0c40eba560bbc90ca9
SHA256 b1e0d4729c0ffa2250da452e1d9d8f1b57e7b674ba804f0ede9dc8e3e21335f2
SHA512 982a2df22945bb9278a534cdc6ead70b74b270f3dcfbe6538f599f6c1797e72d917eac99e274d5c12f69d77fbab969c0fc881bdf3566802cb7d2e24b6f5e2e97

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledXswGg\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-09 01:04

Reported

2024-05-09 01:14

Platform

win10v2004-20240508-en

Max time kernel

300s

Max time network

310s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2928 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 2928 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 3980 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3980 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3980 wrote to memory of 3660 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3980 wrote to memory of 3660 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4592 wrote to memory of 752 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4592 wrote to memory of 752 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3980 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\geckodriver.exe
PID 3980 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\geckodriver.exe
PID 3744 wrote to memory of 4744 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3744 wrote to memory of 4744 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 4744 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 4744 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 4744 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 4744 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 4744 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 4744 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 4744 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 4744 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 4744 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 4744 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 4744 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe
PID 3492 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI29282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI29282\geckodriver.exe --port 65047 --websocket-port 65048

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 65048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecykUHl

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 65048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecykUHl

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3492.0.114328159\1372285889" -parentBuildID 20240416150000 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\browser" - {68d44a73-33af-484a-905c-e0c18701ece6} 3492 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3492.1.890992918\2105247900" -childID 1 -isForBrowser -prefsHandle 2484 -prefMapHandle 2924 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1180 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\browser" - {0aa0bbdf-99a0-48c1-a972-c1bed1780d06} 3492 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3492.2.2087034130\1207048436" -childID 2 -isForBrowser -prefsHandle 3100 -prefMapHandle 3108 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1180 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\browser" - {c93f6a4b-791b-40aa-a967-bd8672de0c5b} 3492 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3492.3.158886379\42141938" -childID 3 -isForBrowser -prefsHandle 3504 -prefMapHandle 3232 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1180 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\browser" - {01420e7d-edf1-48d6-b9f3-6ac68b8698cf} 3492 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3492.4.424798254\184464956" -childID 4 -isForBrowser -prefsHandle 3992 -prefMapHandle 4016 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1180 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\browser" - {025aea1a-28b1-4495-bc6b-91fff1080605} 3492 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3492.5.867466179\600035662" -childID 5 -isForBrowser -prefsHandle 3416 -prefMapHandle 3224 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1180 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\browser" - {8cb2c693-ff18-4678-abf5-bde10a89b6b7} 3492 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3492.6.2121018351\86642338" -childID 6 -isForBrowser -prefsHandle 4244 -prefMapHandle 4248 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1180 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\browser" - {58dd5fd8-cb68-460c-aacf-ffddd0343f61} 3492 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI29282\geckodriver.exe --port 65047 --websocket-port 65048

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 65048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMGk8oi

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 65048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMGk8oi

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" -contentproc --channel="212.0.218621848\902755294" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1640 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\browser" - {0035dce6-9bce-4a2d-abe3-73d16684902c} 212 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" -contentproc --channel="212.1.924147391\533170129" -childID 1 -isForBrowser -prefsHandle 2748 -prefMapHandle 2744 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\browser" - {1054fdaa-0d18-425d-913e-e6be5c7dd0ea} 212 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" -contentproc --channel="212.2.223804852\861788587" -childID 2 -isForBrowser -prefsHandle 3200 -prefMapHandle 3196 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\browser" - {8abe36a5-b00d-4a8f-ae54-fcc1721b25c5} 212 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" -contentproc --channel="212.3.868311507\614018616" -childID 3 -isForBrowser -prefsHandle 3352 -prefMapHandle 3340 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\browser" - {805e792b-760a-4427-91f2-22383cc48a9c} 212 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" -contentproc --channel="212.4.333888067\799013410" -childID 4 -isForBrowser -prefsHandle 3312 -prefMapHandle 2604 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\browser" - {a2a436d8-2527-4b54-949b-586b1a14530b} 212 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" -contentproc --channel="212.5.1291539771\1077591487" -childID 5 -isForBrowser -prefsHandle 4216 -prefMapHandle 4212 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\browser" - {15f3bd51-debb-4a45-8dd2-9a9182e154d5} 212 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" -contentproc --channel="212.6.781008593\540463083" -childID 6 -isForBrowser -prefsHandle 4320 -prefMapHandle 4324 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\browser" - {b29b0562-e069-4eef-aabd-ee16867bf21a} 212 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" -contentproc --channel="212.7.2030199201\1637493858" -childID 7 -isForBrowser -prefsHandle 4776 -prefMapHandle 4780 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\browser" - {97aa0614-d62b-4598-9020-69952c3e97dc} 212 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI29282\geckodriver.exe --port 65047 --websocket-port 65048

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 65048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQnTOtq

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 65048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQnTOtq

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1936.0.1240747524\1364395397" -parentBuildID 20240416150000 -prefsHandle 1660 -prefMapHandle 1652 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\browser" - {4d4519a8-da7f-406f-8e28-6e71f87dd629} 1936 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1936.1.585851869\711587552" -childID 1 -isForBrowser -prefsHandle 2652 -prefMapHandle 2648 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\browser" - {202fd975-afee-41c0-80d9-ae304ec6110f} 1936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1936.2.1150688304\1232378654" -childID 2 -isForBrowser -prefsHandle 3208 -prefMapHandle 3204 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\browser" - {c65fc970-09db-4a97-8877-a60fb3d78320} 1936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1936.3.869394218\1893255429" -childID 3 -isForBrowser -prefsHandle 3252 -prefMapHandle 3256 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\browser" - {f79a69df-0db8-44b3-874b-37bdc9ffee0e} 1936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1936.4.1377429005\675330264" -childID 4 -isForBrowser -prefsHandle 3888 -prefMapHandle 3892 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\browser" - {d064db46-cfe9-4628-aa6a-d40465530761} 1936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1936.5.597814326\607808246" -childID 5 -isForBrowser -prefsHandle 4056 -prefMapHandle 3968 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\browser" - {8fecaccf-10bf-4aa4-bb00-6de5b07e9cf5} 1936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1936.6.608630122\198894969" -childID 6 -isForBrowser -prefsHandle 4172 -prefMapHandle 4176 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\browser" - {4d666cee-3f5f-4590-aded-5179a73cc5dd} 1936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1936.7.1433499379\88438099" -childID 7 -isForBrowser -prefsHandle 4404 -prefMapHandle 4192 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\browser" - {5bc1b090-0c7c-49bc-8b34-f75a2330fb17} 1936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1936.8.1848685700\640987215" -childID 8 -isForBrowser -prefsHandle 4792 -prefMapHandle 4796 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\browser" - {9f0d1549-0a76-4ddd-a09d-56867dc8e7ae} 1936 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 199.195.251.119:9000 tcp
US 8.8.8.8:53 119.251.195.199.in-addr.arpa udp
N/A 127.0.0.1:65099 tcp
N/A 127.0.0.1:65101 tcp
N/A 127.0.0.1:65047 tcp
DE 188.40.255.114:65002 tcp
IT 213.109.192.61:443 tcp
N/A 127.0.0.1:65047 tcp
US 8.8.8.8:53 114.255.40.188.in-addr.arpa udp
US 8.8.8.8:53 61.192.109.213.in-addr.arpa udp
N/A 127.0.0.1:65255 tcp
N/A 127.0.0.1:65263 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
US 15.204.226.3:443 tcp
US 8.8.8.8:53 3.226.204.15.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
N/A 127.0.0.1:65047 tcp
N/A 127.0.0.1:65047 tcp
N/A 127.0.0.1:65047 tcp
N/A 127.0.0.1:49254 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49262 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 90.16.208.104.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:65047 tcp
N/A 127.0.0.1:65047 tcp
N/A 127.0.0.1:65047 tcp
N/A 127.0.0.1:49663 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49678 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI29282\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI29282\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI29282\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI29282\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI29282\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI29282\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI29282\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI29282\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI29282\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI29282\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI29282\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI29282\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI29282\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI29282\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI29282\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI29282\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI29282\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI29282\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI29282\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI29282\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI29282\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI29282\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmply2mikpa\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\_MEI29282\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/4832-493-0x00007FFB9F530000-0x00007FFB9F531000-memory.dmp

memory/4832-492-0x00007FFB9E950000-0x00007FFB9E951000-memory.dmp

memory/3160-539-0x0000025C8B0D0000-0x0000025C8B100000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecykUHl\extensions.json

MD5 747f35733d0a82f933c7ed55657737a3
SHA1 3c25b3df7c65d1a57a7c78f2e2982506d854249d
SHA256 85047c24a134f04290c0ac46ac6555878279d9aa18c90fbe5c7ea8168bf698bb
SHA512 be95ea42cdbfbe50fd6fddd5964de0a0f0153ca3cf7bf8d18bbee5465b1ee4fdfbe4f333a03391b31edd54e4f63fc4c4ce7323cefe62ccdd62912df2da254e38

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecykUHl\prefs.js

MD5 ccde6c0e1655562ad3e08e37f73dc743
SHA1 9c43fb135f39abd9e60e2dbea0951c5dd3a434df
SHA256 553a905cd6e0cbfe0450648348feb0d469959b7a6acc6b090d4d6af0f41df6d9
SHA512 9571778decb4458fac2198d1e8fd02cd72a3d829cce55f13f62d4633fcb7042298f50917be60be10d29b2006eb544535f3bdef0de2d460988eea17caeea6ddce

memory/4832-605-0x0000025FBDC70000-0x0000025FBDCA0000-memory.dmp

memory/1624-612-0x000002CFD55C0000-0x000002CFD55F0000-memory.dmp

memory/952-615-0x00000237BD000000-0x00000237BD030000-memory.dmp

memory/3732-614-0x00000282FB700000-0x00000282FB730000-memory.dmp

memory/1840-613-0x000002DF87190000-0x000002DF871C0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecykUHl\prefs.js

MD5 f5dad381a52a840a900e391bede28dfa
SHA1 d2979d3dd59caa1191e457fe532ef78799a2b0a9
SHA256 101f44f604813a8f78c07075538838235d31671d348dda9335f6e62a5c3f5de0
SHA512 3dbe1a4858e339d22916b040e393b8748351c70a74001ce79f1781581c85241f84ce9c8c4307053a8f958d39307d409dc1f22ce8bf4931204179bfe41cd9d517

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecykUHl\prefs-1.js

MD5 95363f70c5521e79c7b56cc877b5c381
SHA1 97d9293ae1d66ad2693e1aef6485504278726e15
SHA256 2098e55b1c32ddf5282caab7e44dc75d6411ce85d949a519bc8e8ab9279e90a3
SHA512 9baad8b140970adabbb9ff802fc81a25b36f85f84ef2d1877c293940ddb52b05a32bc9f17eb6ca15980852d24e575d7932cd81184568520a6c2e46dc619ef25d

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 35aacb7e5d17eda61b55d6ad230b25b5
SHA1 2e616e480e98f70c19c40bd343f65794a9ab9f40
SHA256 c591f31ded57538ad35cbcbfffdf2faf3913fd78398a5b8be7623c5859c3d937
SHA512 8dafbe434a29e9a68340219f0ce3f09f543590d163ceafe90bb1315abf7e7ec42ff1c1a9bdf282c7c8802fdc50cbd7ece374f8496eb44291bc5d85779f9bbb25

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMGk8oi\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMGk8oi\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/4388-877-0x0000025478050000-0x0000025478080000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMGk8oi\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMGk8oi\prefs.js

MD5 7a63910cfe8b74ca627fd92455957a73
SHA1 0522e8989be4c3a68eb9e0da822934a20833e2dd
SHA256 b8d42ccb261a0d42a1c6c0b23bbe504578703a63a9378f9488083abccd2fe27d
SHA512 5f62f0568f781a6cf639ebf0c6c1d0822af62c8cd8e9d2070f5768d318b7f776236024a06c5faec695173cf10448ebe4343f42a1d02cad5ab471197333c8ce09

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMGk8oi\prefs-1.js

MD5 81058df75aee760da9a45290090c75d2
SHA1 9357a298a682af31a027b9286a77c563ec88286d
SHA256 dd0823304b5ecba91823fad907e45a86b6cee5b69ae13ff07d7a442dfe997267
SHA512 ff1bc18b4664682193e8768f727d379204845ca06e375f350e809f155a1f96faea1f2a0488b0c37ac8329c3e2c34f5db5a4b955674281d3a19386ea7866d7424

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMGk8oi\startupCache\webext.sc.lz4

MD5 1b799cc5b6cf681cfa54d37c8ce8cb06
SHA1 2f0fae44eb2fe74542df923e37f0c7e23a74fd17
SHA256 ce654b3257aec215ee980682aa6a48628dac50252a09301efe8686ff3f406a03
SHA512 10263e878623c9375095f150a83e5fe42fb5feccea139e107d37b2337f0c68c4f8a47952247d7e8517876a12dcd696202b8ecdf115577c0e416a489a280451d3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMGk8oi\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMGk8oi\prefs-1.js

MD5 b1139d1989833d2a8dcc1b95f46ef0fd
SHA1 9ca3167d7d8127d9828b004ad2d63e0f11def26b
SHA256 c8f9d44a985391f381989506f8c2cf744e94f7fad8e7f0e5dfd98a5395a48821
SHA512 c0eb65ca70070465ec724432b00b43e58fa2cb816b8a106201ece0781af70bb71b01ae069d1e444251847ef4b8a9d40dc2d9ab72f021dd3f9748eeba9a5ea0a5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMGk8oi\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMGk8oi\sessionCheckpoints.json.tmp

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMGk8oi\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMGk8oi\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQnTOtq\user.js

MD5 ccf00fca0fde89da1207a2d66491b545
SHA1 4d67b3f6e61c9faa3220c9eb982f1ce105b7c365
SHA256 c09e7385c69bb595a21ad0ea19dad939dbd14a202941e524aac9c88b97919405
SHA512 bb7598966101208f663d3b134b1cbb9a069362d6e7596cdf349d904684f69b7551a3ed521e49a1c8ca4302108b30aba60d81d09bdfb2dd597b1a5d607b5978c0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQnTOtq\datareporting\glean\db\data.safe.tmp

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQnTOtq\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQnTOtq\prefs-1.js

MD5 09c440ffb6f3bf02e4d14ad296264b4b
SHA1 e339865f8b0fb2a66560f57f72bf547124a934eb
SHA256 c1162ac0be55307d1609dcf8dbb53d70149dbb33fc0b3823e5d871ec9892c3de
SHA512 87d5cfc19e11da8875ed5c22e91cc462da8b382e3eb7f3aea9dc8a96a836a211a5f923ac9a9a6eff027897baa9666a7ff8174792dab1bb9f831933897e7372bd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQnTOtq\prefs-1.js

MD5 8e34d9160ce5dbf2f92ed176385f3988
SHA1 d075f8b46936712e683f926c51d704cfc968a8a8
SHA256 3a4c5a3badad6baf46a4c9184b6537875998786f2551bbe849f61e6676d7ac70
SHA512 668413dc81911cbd4e49ee2083b93cb12ce19b995f9b3ba8fe01cf9d7b17f5c73aa1a4d739f0dc98b84270b55b5869f28a9183e427c12269a247223d40ceeaf5