Malware Analysis Report

2025-06-15 20:36

Sample ID: 240509-bffjxscb92
Target: heavy.exe
SHA256: 88093c75834d60df3b4b6f4df642bb28dc749f4bd562f587fa8f9e30e97d3c5c
Tags: evasion, trojan, pyinstaller
Score: 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file heavy.exe shows suspicious behavior.

Malicious Activity Summary

evasion trojan pyinstaller

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Checks whether UAC is enabled

Detects Pyinstaller

Unsigned PE

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Modifies registry class

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-09 01:06

Signatures

Detects Pyinstaller

pyinstaller

Unsigned PE


Analysis: behavioral3

Detonation Overview

Submitted: 2024-05-09 01:04

Reported: 2024-05-09 01:14

Platform: win7-20240508-en

Max time kernel: 300s

Max time network: 308s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24162\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24162\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2416 wrote to memory of 320 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 320 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 320 wrote to memory of 408 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2044 wrote to memory of 1128 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 320 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI24162\geckodriver.exe
PID 3004 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24162\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe
PID 1800 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe
PID 2296 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI24162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI24162\geckodriver.exe --port 49468 --websocket-port 49469

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVUkcXH

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVUkcXH

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2296.0.411931329\1418728031" -parentBuildID 20240416150000 -prefsHandle 1200 -prefMapHandle 1192 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\browser" - {41f9dd28-4f09-4a5f-a001-9841d0181557} 2296 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2296.1.1437832137\430564121" -childID 1 -isForBrowser -prefsHandle 1808 -prefMapHandle 1952 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\browser" - {23bc054e-f888-43e4-b81f-8cb0e4630d61} 2296 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2296.2.290090316\1919333328" -childID 2 -isForBrowser -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\browser" - {a725401d-eda4-470e-9395-6b414e8cbdcc} 2296 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2296.3.91533322\35425520" -childID 3 -isForBrowser -prefsHandle 2540 -prefMapHandle 2544 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\browser" - {2e541d1c-6d36-462c-8588-8c4416a27912} 2296 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2296.4.753859695\1242800813" -childID 4 -isForBrowser -prefsHandle 2804 -prefMapHandle 2668 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\browser" - {dbcd08c2-1d05-4cd3-b5cb-a9ed20cf9ec0} 2296 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2296.5.862841062\859916692" -childID 5 -isForBrowser -prefsHandle 2908 -prefMapHandle 2912 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\browser" - {517aaf39-7a73-4ba4-b3e3-ac884f3f5a8c} 2296 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2296.6.946475476\1468883178" -childID 6 -isForBrowser -prefsHandle 3060 -prefMapHandle 3064 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\browser" - {b6973fbc-b1b0-4998-899c-5d5c5694d1f9} 2296 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI24162\geckodriver.exe --port 49468 --websocket-port 49469

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMCkSFr

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMCkSFr

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1824.0.134927456\1691459709" -parentBuildID 20240416150000 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\browser" - {f823c2ee-7587-42ab-a038-c2cb9efd4a89} 1824 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1824.1.2129585689\2123402147" -childID 1 -isForBrowser -prefsHandle 864 -prefMapHandle 960 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\browser" - {6f227aa8-b28f-4e64-a233-233eccb15411} 1824 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1824.2.1067962280\511283721" -childID 2 -isForBrowser -prefsHandle 2220 -prefMapHandle 2252 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\browser" - {4388400a-a207-49fc-b562-c1b652115295} 1824 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1824.3.184824276\1075195685" -childID 3 -isForBrowser -prefsHandle 2592 -prefMapHandle 2392 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\browser" - {7c58e5b0-235b-4d1b-8fac-a97806ba9e77} 1824 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1824.4.393246161\918614064" -childID 4 -isForBrowser -prefsHandle 2180 -prefMapHandle 2712 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\browser" - {1e0af2d7-a9a3-4a86-9009-bdd05b1f08b1} 1824 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1824.5.1618584940\134354293" -childID 5 -isForBrowser -prefsHandle 2928 -prefMapHandle 2932 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\browser" - {fca4c6fb-faff-49b9-a3cc-7efdabb1caa2} 1824 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" -contentproc --channel="1824.6.1612466130\1700083422" -childID 6 -isForBrowser -prefsHandle 3100 -prefMapHandle 3104 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\browser" - {399e88a8-e23d-459c-a6f3-98179a3b0ff1} 1824 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI24162\geckodriver.exe --port 49468 --websocket-port 49469

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehXx9Bg

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehXx9Bg

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2248.0.49337953\1118927371" -parentBuildID 20240416150000 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\browser" - {9d74adee-d4e7-4907-900c-41abe5b9eca4} 2248 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2248.1.396302647\638839873" -childID 1 -isForBrowser -prefsHandle 2184 -prefMapHandle 2172 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\browser" - {9901fb4c-7fc9-40a5-852a-425583b1c4a7} 2248 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2248.2.1739799081\429230189" -childID 2 -isForBrowser -prefsHandle 2248 -prefMapHandle 2064 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\browser" - {b428d07f-305b-4259-94f6-8e2fe962e0ac} 2248 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2248.3.2055099040\454649761" -childID 3 -isForBrowser -prefsHandle 2496 -prefMapHandle 2148 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\browser" - {8ba29f15-2f48-49c0-82e7-9a714518fdb8} 2248 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2248.4.1943296032\1379000515" -childID 4 -isForBrowser -prefsHandle 2732 -prefMapHandle 2736 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\browser" - {12e23e59-16eb-4242-a08d-45aaa6c17d11} 2248 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2248.5.1120771107\721483303" -childID 5 -isForBrowser -prefsHandle 2880 -prefMapHandle 2884 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\browser" - {d3776d79-6516-4bd2-9769-acecd7351c98} 2248 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2248.6.347734422\1654238505" -childID 6 -isForBrowser -prefsHandle 3024 -prefMapHandle 3028 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\browser" - {1c0943cf-a692-48b2-83fb-0713a02a1ffb} 2248 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI24162\geckodriver.exe --port 49468 --websocket-port 49469

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileqSOBeY

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49469 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileqSOBeY

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2440.0.332239367\1709987362" -parentBuildID 20240416150000 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\browser" - {fa096204-25bc-4967-b416-a380f650bab4} 2440 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2440.1.1251717256\1697747323" -childID 1 -isForBrowser -prefsHandle 1804 -prefMapHandle 1868 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\browser" - {cb2ce7f9-d92f-4abe-9575-6ec4964f9b4f} 2440 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2440.2.532510055\1684734796" -childID 2 -isForBrowser -prefsHandle 2304 -prefMapHandle 2240 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\browser" - {bbb2260c-d21a-414e-a6db-8a90b4501530} 2440 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\firefox.exe" -contentproc --channel="2440.3.1971277366\2118753963" -childID 3 -isForBrowser -prefsHandle 1632 -prefMapHandle 2264 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\browser" - {e25adfb4-e970-4e25-8971-db11c76356c7} 2440 tab

Network

Files

C:\Users\Admin\AppData\Local\Temp\_MEI24162\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24162\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24162\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI24162\_ctypes.pyd

\Users\Admin\AppData\Local\Temp\_MEI24162\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24162\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI24162\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI24162\geckodriver.exe

\Users\Admin\AppData\Local\Temp\_MEI24162\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI24162\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI24162\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI24162\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI24162\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI24162\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI24162\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI24162\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI24162\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24162\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24162\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24162\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24162\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24162\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmpxar3zuyf\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI24162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVUkcXH\extensions.json

memory/2296-698-0x0000000007540000-0x0000000007550000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVUkcXH\prefs.js

MD5 98f9261958ea9363ce16c40567d4b742
SHA1 7a6b46b58957c1952b8b2918a99d431585199fbc
SHA256 9d6e177be697b9eb900afda21243fe7a14ae42575bb5fa43d1c4b8b3f7747dd5
SHA512 e35cfc1dc27890dc3779de9a2170d980dc41613ba8707f0c13b135664da36f8942c853b72d155f72ed9d7226c2b6cbbcd5ec6f69e98ffe0794fa6a52db882661

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVUkcXH\prefs-1.js

MD5 e8d62ecbd85942b70ebb68357db63853
SHA1 e56e4defe3da2194b16186e61271ea9fb6a64b21
SHA256 b950051c4f96215569ee70589932fb4e865f116ee23f9438ae452f81f4eff2ec
SHA512 9c2dcea67757bdbbeeb63e07a3b35840adde3b2df90541ca330261d61fd429c2064763b4ff65fcec24cf0ad07d68b92f3b4610bee3ad8f49dc3adbbf887106ce

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 87ffedf5b88374a9b80b9e2105171987
SHA1 0fdb3b790655cbb7e255939ddf3881219324b180
SHA256 0f50c368f27453022d69a1bc87ef79f366bc7ff82275f77db1ef045b1785e70f
SHA512 a88dac199c0a396b71a0ec3874e9fa3b40a111e5a2ab121539add7a8f2ebb6f666ca44764e9120b70195e0ec01fcbb6d5469766bc79e1f881a322ea1feab4a8b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVUkcXH\prefs-1.js

MD5 f2662a050ffab8c89443f1455c348120
SHA1 b3d997e75cbedaebf650db52daf2dd15e0edd539
SHA256 b3dc9dc099773310b4bc3cd51a168a1048cd24c293fb9baff91d65beaad387d3
SHA512 b72e6e1de507fcd3cb47cc65caeda424c690ba48a10035bee39f379046e22a1e46edb32713e8bf0624eb90a89c7ee5a744a7fa227520335b453f94e52263aa74

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMCkSFr\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMCkSFr\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMCkSFr\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMCkSFr\startupCache\webext.sc.lz4

MD5 eace6785f8eaa5a1324fdd7810fb4500
SHA1 3d1a342ededfd6e519f9ba9c2a02c5072a0be11d
SHA256 c3037daa063ab7bef314bc6135653e7f8cdc4326dff495eb6b52f88405048b1f
SHA512 2ac5c7a5b945c435948265093bc56c2b883e3be2c033482e6cc853a4b3484cca2f358260ae1a846cbf16698a3b5c434fcc39b44b230464314dcf2ce5763e6897

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMCkSFr\prefs-1.js

MD5 c45b90280efce9a89ca50443ee739870
SHA1 ad475fdfbea2a44484cd6a26c12e3818d50cde42
SHA256 2031fff968af75f723797ffba2c1bd7c899e845d27ab97b5e66f706b53f6fd0f
SHA512 b76470402e750d8faf73ffdc174c1f52f9da8a65989a473055b6670eab61e53adf4dfe91225f5723a532299e4fd5153c77f2672cec898e9684820903a2e279dc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMCkSFr\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMCkSFr\prefs-1.js

MD5 585a190d93be1bbd944fd95cf8ad8e0d
SHA1 a18399f438a1887872113c97c50686ed9f1f791b
SHA256 7cdfc514828749449b7d1987ff82596bb743e204d7323ba9f295d45d0af723de
SHA512 9928e8226336e1edb98721ecab5d2b9be25d2a25f61a173cad3b47d6f7cdce6baea721a4c86f2167d8a5282822f9567daa4a89bcb9dc1fe0598297082c65b9dd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMCkSFr\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMCkSFr\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMCkSFr\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMCkSFr\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehXx9Bg\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehXx9Bg\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehXx9Bg\prefs-1.js

MD5 6876ff910bbe12ddb5f038afc9ece0b4
SHA1 ce25873822f90d3738120d14efd3f5cbc03d7e63
SHA256 1088e38ade3e6506a804463edc1ccaa2eb8026b65dd5bab7d88cc697b315de62
SHA512 a623be317332e79866dfdc5719436ae39dd2aa51ebfe2384da7b7b976ff5ad5f61caed607adb4049df67e282939d87984b03a822895f891b749dc2ca1b3c9b38

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehXx9Bg\prefs-1.js

MD5 c91bd0b67362e6c90972ef219162f928
SHA1 cced72c0e9a148bbec93a61814ed9af4df32f119
SHA256 cd92bd96f3c9b9d907fef650bddf6d84e5ec92a8a31aeba3550d5d996aecceda
SHA512 5334277d6e560ebc69cba2f5d3439b94f40ff6fd9c08a7ff152a34f0a04d0848461bc4e1e79b6995bd4aac4b8f7dbadc62c8ac8fa4fe4097c9b892f7f5165277

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehXx9Bg\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-09 01:04

Reported

2024-05-09 01:14

Platform

win10v2004-20240426-en

Max time kernel

301s

Max time network

312s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23522\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2352 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 3048 wrote to memory of 5028 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3048 wrote to memory of 3832 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 5028 wrote to memory of 3372 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3048 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI23522\geckodriver.exe
PID 868 wrote to memory of 3652 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23522\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe
PID 3652 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe
PID 2044 wrote to memory of 4492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI23522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23522\geckodriver.exe --port 59420 --websocket-port 59421

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 59421 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEy9qdj

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 59421 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEy9qdj

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2044.0.889387074\1362188234" -parentBuildID 20240416150000 -prefsHandle 1668 -prefMapHandle 1660 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {9f48df9e-0ecc-46de-b4f5-3b5942460eae} 2044 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2044.1.1416771902\402714688" -childID 1 -isForBrowser -prefsHandle 2468 -prefMapHandle 2336 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {f0444fb8-adc5-4bc0-89ea-49c5ddee09c4} 2044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2044.2.11531603\1996780435" -childID 2 -isForBrowser -prefsHandle 3184 -prefMapHandle 3180 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {bdd9b970-7252-4ea5-9d6d-5d9f1b845612} 2044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2044.3.2057660527\1663978151" -childID 3 -isForBrowser -prefsHandle 3600 -prefMapHandle 3620 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {81131f50-a025-4a7e-bf67-ca310a0ec36f} 2044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2044.4.1236427670\2091836779" -childID 4 -isForBrowser -prefsHandle 3664 -prefMapHandle 3644 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {0fa3a4f9-f1a2-4162-aa24-ee739dec3434} 2044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2044.5.1910677865\1615164327" -childID 5 -isForBrowser -prefsHandle 4064 -prefMapHandle 4068 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {8897de3b-259f-4f5f-bf95-b6afb20aa217} 2044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2044.6.892822869\2043655948" -childID 6 -isForBrowser -prefsHandle 4228 -prefMapHandle 4232 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {29845463-22fd-4ca9-816e-a18095c2bcac} 2044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2044.7.263299324\209819988" -childID 7 -isForBrowser -prefsHandle 4384 -prefMapHandle 4388 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {164098ec-09ed-46b5-b6f6-67c1de51987c} 2044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2044.8.2013710785\1223106821" -childID 8 -isForBrowser -prefsHandle 8840 -prefMapHandle 8816 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {8b5bcce3-49e9-4f84-898b-efb775d1ab20} 2044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2044.9.262805217\2071754114" -parentBuildID 20240416150000 -prefsHandle 8596 -prefMapHandle 8592 -prefsLen 27362 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {ae83f68d-d1ef-4c4d-994f-bf860b7b3907} 2044 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2044.10.1131536349\347946155" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 8608 -prefMapHandle 8604 -prefsLen 27362 -prefMapSize 245849 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {f2dbc448-f2b6-4e3d-8927-45276300e351} 2044 utility

C:\Users\Admin\AppData\Local\Temp\_MEI23522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23522\geckodriver.exe --port 59420 --websocket-port 59421

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 59421 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCev8aI

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 59421 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCev8aI

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="6140.0.1787719964\1715238102" -parentBuildID 20240416150000 -prefsHandle 1660 -prefMapHandle 1652 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {5a0dcfae-e398-4250-a074-e9a783321e07} 6140 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="6140.1.2064918116\1724100901" -childID 1 -isForBrowser -prefsHandle 2924 -prefMapHandle 2520 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {1a62f2eb-82d4-4f21-9fa9-e72a61e70a21} 6140 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="6140.2.1420726646\1994766826" -childID 2 -isForBrowser -prefsHandle 3192 -prefMapHandle 3188 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {09c790dc-610f-425a-954c-0bd64ce187f5} 6140 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="6140.3.2122297852\1465865428" -childID 3 -isForBrowser -prefsHandle 3308 -prefMapHandle 3228 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {64353ec4-df9d-46a0-9081-32924cbfe496} 6140 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="6140.4.149032816\1381358607" -childID 4 -isForBrowser -prefsHandle 3884 -prefMapHandle 3880 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {fc0435ed-a8eb-42cb-a1cf-2d56aca37246} 6140 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="6140.5.2119300628\1513989741" -childID 5 -isForBrowser -prefsHandle 4044 -prefMapHandle 4048 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {821eaf10-ce9f-4613-9ea3-48008d5961d5} 6140 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="6140.6.44070493\1167895421" -childID 6 -isForBrowser -prefsHandle 4204 -prefMapHandle 4208 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {d098f8d6-7a7e-43e6-a210-1b202b1c12b9} 6140 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23522\geckodriver.exe --port 59420 --websocket-port 59421

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 59421 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile07SkDO

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 59421 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile07SkDO

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="5636.0.892452746\839366120" -parentBuildID 20240416150000 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {f8e14854-fad9-4146-9551-2a403f58f959} 5636 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="5636.1.697541904\652517336" -childID 1 -isForBrowser -prefsHandle 2804 -prefMapHandle 2560 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {226fe0af-213d-472f-834f-23645f580817} 5636 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="5636.2.1973001219\332867741" -childID 2 -isForBrowser -prefsHandle 3196 -prefMapHandle 3192 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {fb2304dd-eba6-4ceb-9603-fee89f07e960} 5636 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="5636.3.2147208291\1117583595" -childID 3 -isForBrowser -prefsHandle 3580 -prefMapHandle 2296 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {585f8563-907c-4af9-85ac-62dbd120b290} 5636 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="5636.4.998027389\1016178420" -childID 4 -isForBrowser -prefsHandle 3876 -prefMapHandle 3872 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {61d7eb72-649b-44ca-930e-f82417de6bd3} 5636 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="5636.5.1772094803\527453022" -childID 5 -isForBrowser -prefsHandle 4028 -prefMapHandle 4032 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {e59a7984-b1bd-4c5c-8c8b-224e50aae323} 5636 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="5636.6.2116354815\1394783903" -childID 6 -isForBrowser -prefsHandle 4220 -prefMapHandle 4224 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {bde246f5-acd4-4c1e-bd97-109737660eff} 5636 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="5636.7.343128982\276164225" -childID 7 -isForBrowser -prefsHandle 4068 -prefMapHandle 1408 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {8f4c00c1-643b-4aa3-b17f-9a6e822778d7} 5636 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23522\geckodriver.exe --port 59420 --websocket-port 59421

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 59421 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo3u0Pr

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 59421 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo3u0Pr

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3912.0.1623797941\63810270" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {14958862-9d28-4054-8d16-7a3502f401ac} 3912 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3912.1.568578775\1382723771" -childID 1 -isForBrowser -prefsHandle 2668 -prefMapHandle 2664 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {ec912f06-f722-4ad8-bd60-8ad230cb8f1d} 3912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3912.2.1866324659\667332799" -childID 2 -isForBrowser -prefsHandle 3196 -prefMapHandle 3192 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {c05c1e75-4fd5-4389-9928-ad2489fe8833} 3912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3912.3.1128274995\1990660357" -childID 3 -isForBrowser -prefsHandle 3212 -prefMapHandle 3136 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {5b3cae84-1af5-4d8d-8bcf-a27eedc910bc} 3912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3912.4.938284603\428308927" -childID 4 -isForBrowser -prefsHandle 3808 -prefMapHandle 3804 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {543f9e6c-216c-42e8-a2ce-20cf7e8e8c23} 3912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3912.5.734789510\224921305" -childID 5 -isForBrowser -prefsHandle 3708 -prefMapHandle 3716 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {1ebd56ac-6395-4657-9d89-3436c22f3774} 3912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3912.6.792297018\42084266" -childID 6 -isForBrowser -prefsHandle 4100 -prefMapHandle 4104 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {0d21e01b-3dcb-4099-a6e8-2138aad697da} 3912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3912.7.168066433\2061134772" -childID 7 -isForBrowser -prefsHandle 4748 -prefMapHandle 4744 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {53232aa9-ee54-4cab-9c2e-6dbc844238d2} 3912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23522\geckodriver.exe --port 59420 --websocket-port 59421

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 59421 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYdSgYK

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 59421 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYdSgYK

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4828.0.1800596248\1867764385" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {ad794210-6f41-486b-9815-cd450b3c4b25} 4828 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4828.1.992279215\700401532" -childID 1 -isForBrowser -prefsHandle 2716 -prefMapHandle 2712 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {46fc6800-7fe9-48b7-bc93-7b14eb62a26c} 4828 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4828.2.1680868873\452578707" -childID 2 -isForBrowser -prefsHandle 3204 -prefMapHandle 3200 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {8c56e21f-cd59-4144-9bcf-7ed4269c3daf} 4828 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4828.3.79832527\1450285999" -childID 3 -isForBrowser -prefsHandle 3760 -prefMapHandle 3776 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {b833884d-bb8f-4cf4-b1fe-c5d22f2c2ee5} 4828 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4828.4.786154634\465928909" -childID 4 -isForBrowser -prefsHandle 3220 -prefMapHandle 3256 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {dcaaab67-33da-4dab-8246-38aaf7ebe822} 4828 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4828.5.1200957251\404138353" -childID 5 -isForBrowser -prefsHandle 4012 -prefMapHandle 4016 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {9e888052-a918-4004-bede-c0f0e47b9464} 4828 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4828.6.1943263162\777540964" -childID 6 -isForBrowser -prefsHandle 4200 -prefMapHandle 4204 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {c34fe58f-2e54-4157-b4e5-9a3e024a39e3} 4828 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23522\geckodriver.exe --port 59420 --websocket-port 59421

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 59421 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilec3Yp4d

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 59421 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilec3Yp4d

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2500.0.214863593\827505269" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {161f64df-622d-4055-a73f-115a218ed50b} 2500 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2500.1.1655560415\729590147" -childID 1 -isForBrowser -prefsHandle 2404 -prefMapHandle 2636 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {781fef7d-c460-4fbc-9341-5a6971d0d81b} 2500 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2500.2.1482320000\1758959999" -childID 2 -isForBrowser -prefsHandle 3148 -prefMapHandle 3144 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {cca7f597-5cf0-4739-b009-a4766706df9c} 2500 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2500.3.940095459\1723664472" -childID 3 -isForBrowser -prefsHandle 3200 -prefMapHandle 3164 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {466d2003-6f89-4318-a818-16b52405f94a} 2500 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2500.4.1903470767\1057709538" -childID 4 -isForBrowser -prefsHandle 3764 -prefMapHandle 3760 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {674f62f5-5855-4a30-ba55-5c1b5e686a12} 2500 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2500.5.1204639864\1393214171" -childID 5 -isForBrowser -prefsHandle 3972 -prefMapHandle 3968 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {ccd448a1-531e-4ad7-afe1-870c15ec2471} 2500 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2500.6.2046011097\1636432824" -childID 6 -isForBrowser -prefsHandle 4032 -prefMapHandle 4036 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {f1dba907-1344-4413-9510-b9e3b4569561} 2500 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23522\geckodriver.exe --port 59420 --websocket-port 59421

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 59421 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQalQI2

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 59421 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQalQI2

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4620.0.458998959\2070450280" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {b3294eaf-29d0-4d8a-8f9a-5f79a58e44ab} 4620 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4620.1.1564424007\718061394" -childID 1 -isForBrowser -prefsHandle 2880 -prefMapHandle 2876 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {6aa19c40-8e7c-4121-bc10-f93ebb809ad8} 4620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4620.2.915696748\1762812334" -childID 2 -isForBrowser -prefsHandle 3216 -prefMapHandle 3212 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {46ba6a7a-675d-4db2-981f-b9c154ff6bee} 4620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4620.3.88371141\1954904166" -childID 3 -isForBrowser -prefsHandle 3456 -prefMapHandle 3204 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {e7cf3c98-7774-4965-8315-4dde22c579e3} 4620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4620.4.1132223981\2006891571" -childID 4 -isForBrowser -prefsHandle 3904 -prefMapHandle 3900 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {5ec0d852-af49-441a-8dd3-1dcbe83d8520} 4620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4620.5.17335926\1760080739" -childID 5 -isForBrowser -prefsHandle 3520 -prefMapHandle 3516 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {63491d56-dd18-4314-86ec-70e10e1732ff} 4620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4620.6.1989192736\1747440452" -childID 6 -isForBrowser -prefsHandle 3960 -prefMapHandle 3948 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {b9196519-6337-40e5-93f7-c077d300a201} 4620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4620.7.457355649\974940268" -childID 7 -isForBrowser -prefsHandle 4068 -prefMapHandle 4072 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\browser" - {174f7b69-b148-492e-9946-fab5e745fe36} 4620 tab

Network


Files

C:\Users\Admin\AppData\Local\Temp\_MEI23522\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI23522\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI23522\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23522\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI23522\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23522\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23522\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23522\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23522\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI23522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23522\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmpsiswt8yk\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI23522\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI23522\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI23522\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\tmpsiswt8yk\webdriver-py-profilecopy\favicons.sqlite

MD5 dfa3a4ce64626cc3964d930ba7b9fdcf
SHA1 530ba947eb29f5e795c14025e3daab79b433a86e
SHA256 e4ba330d49ad29b868f5716e4d137f2cc141aabae38f598832b616a596183472
SHA512 1ec099138fbbdc0f01c25ee802467a3b994577a353fa995f4dc45182cca9b5703b98faa46da022af077f7dcb51a466775421e6bcac9d655d395a7f411061e0d3

C:\Users\Admin\AppData\Local\Temp\_MEI23522\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI23522\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI23522\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI23522\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI23522\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI23522\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI23522\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 d262b8dc568b34fa0a37e37335db737a
SHA1 477338dfa2a841eaadcdeadb210ed0e9e419241f
SHA256 b11b2168de48ecb6a5daec15e1d8eebc52fa4597d174d3a55a930466f665b0ed
SHA512 ae2b0b4477d7d61c2ccbc948041e79407a140919da3dae63486e47b30ed9c041519bd3ce3cee62bc3c2ed780650abb8c54002c4197c6611af512f39da8e56f64

C:\Users\Admin\AppData\Local\Temp\_MEI23522\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI23522\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/3620-491-0x00007FFF2EB50000-0x00007FFF2EB51000-memory.dmp

memory/3620-490-0x00007FFF2DAE0000-0x00007FFF2DAE1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEy9qdj\prefs.js

MD5 3e081c514d81feb1c9918e148414b0ad
SHA1 bcc8e45d88d8fe2f4a6ac9fe5e072a1c7f614546
SHA256 4605176f2e4c3f7de6f000b5005bb1cb448ac2f34b264637fd0cd62e0e3c2d17
SHA512 f5bccc245b17b4628d15232f8d78d02783aa4c8c3ab629787fc5c94d2b0c549bb06a9451c64008556ef2dbb894ce8104557e58c1cbe9d84c6852cb05bda721b4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEy9qdj\extensions.json

MD5 cf7fe1bfc2f5292d6b9edd5727cafae1
SHA1 74a0df4007ac749645c7be700552e050030f0c9a
SHA256 6640611aa26bb55e91be5785e75c293a007c9ba4e27225f3538fe94ef4ff821b
SHA512 c50025e2d22a89fc96980b1315643a2fdd87c221826c6e4ba964c4dc8a56d9032eed7cd10fd65835c69ee124a0002bf69fa21bedc02b07ff271b4d46a6e67496

memory/2044-565-0x0000011F6BA10000-0x0000011F6BA20000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 e8b0183f378d8d68aefb10dea0b77846
SHA1 f1d46a4d490dc9bd55bf5677ce58f9adda89a3d3
SHA256 f2b37bf5d4d7c30a180bf50784ed9c331bb46b206c28ae47d668b5ad911c9357
SHA512 9f3839d532e6f04de6798344a869e250526465f2f02b5a11e4a86a65d731550bd8c9182650bc51b00cfdf26648f03a7adead5711d77cd20723698431aef7a797

memory/2044-650-0x0000011F6AD40000-0x0000011F6AD50000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEy9qdj\prefs-1.js

MD5 5c0d55006a5cc7ba293ad6f4481fdb0f
SHA1 e296da42bcabb012eaa0b6203932a3096e57f1ed
SHA256 92b262a9b4629938ed6841425a3adea89b798d9806886df7bf3bf8159419aa86
SHA512 f5a71193d8bf6d2359cebc290c8ce7b7bcfd3c4538b300c5831592a1fd5042f87711f6ef5a59ae0633ef2e602515e0efe3cfe9fb1ebeb72539590732790e2963

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEy9qdj\prefs-1.js

MD5 3828a0a6346a56ffada062f17271ea40
SHA1 48f1a65a7045cd8f6e70e747563feec035451c23
SHA256 8aacbc6f189b17a52b47be64fc9d4c35d64701a8e7dba87bdb57701e0cf2f34b
SHA512 49b1d24b56d9134ae4d4647afa4d475c02d9060eeb5552d8fbd842879924a663907bf9cea5d9369fe56fe38c40f8b53b65bb8d94d38466eaa06e034c326fa1b3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCev8aI\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCev8aI\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/6140-888-0x000001DDD1F90000-0x000001DDD1FA0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCev8aI\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCev8aI\startupCache\webext.sc.lz4

MD5 75c8e761f57d974f5181979d26bf1b89
SHA1 447d061656bac5966f823393f181742733f908db
SHA256 a6493a042f75c83b0811d6e80e3804e5fcfc6da28a84b2d2a552ad20119f5de6
SHA512 f38c997912d68f6d46f5993ca306fe4ad3f30969395a670f310bb80b646507c196109e7965e6354e973bc221cac594d5d71da8b0e55f352428051a1c77eefbb3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCev8aI\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCev8aI\prefs-1.js

MD5 b156d51d6044ca95be4021315ebb493f
SHA1 fdb266d6f7a71d87fad37eb485d339db57e8b925
SHA256 7e73166c442a3ef0bc9b39e73a26f5a0890782ee82a6b2ae731d5d48b4b962bb
SHA512 7d7e6b7ca29f70b7243ade9b858a46c6cb053c643229c60ede2d8c3daf233fd66467053ed99567591087c61acdb0ee5c82ea55a73cb1b40a0521da96ce5e95ab

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCev8aI\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCev8aI\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCev8aI\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile07SkDO\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

memory/5636-1162-0x000001DC2CC70000-0x000001DC2CC80000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile07SkDO\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile07SkDO\prefs-1.js

MD5 d6a898c438a94ec6a9b35998a1bddad3
SHA1 4ac1791079a4781b6d50e33ae9df6fcd8d7f51d4
SHA256 7e672891ff8f498689be67a87d02c0d14894bc3c00e67c864ed22a504165e3e3
SHA512 a839ac4657172de1c471ffa036ffed19bb7ff5d3e3ad7352e5d99a17ffd8e41a3c9a2160169c66a44f62bdcc16a299b311639ec69b47ab90069aed7e7e61e8ee

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile07SkDO\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile07SkDO\prefs-1.js

MD5 0fbc70ba696b0aaf21588f57ea0e7c3b
SHA1 9bbd293571a5948cbc91def535eb491c7baf76ea
SHA256 4181e72f7e9bc869a6f739f6df508e944fc346a9d3484913eb97f3a1276057bf
SHA512 27769cdad36fd3d42815529ee0003819cdd202a500d4342af2dd03939a869f6c4a9ae52b137a7837df8869277d2c3b42c725c828fe97ff360895189125570ff2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile07SkDO\sessionCheckpoints.json

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile07SkDO\prefs.js

MD5 e9d1406cdef0b4e4b75a60b3acad8d68
SHA1 316b0c0de803ae59fbcb7584237bbebf729ac9e5
SHA256 b717a9d31c2d95091642ad17088b18f47f85b510e1287163462dcfbd7b517f7c
SHA512 2d3caa5a0d2d1d916ea9d71186751c032d8ecdd4e4eea6ba7756439cf2e155ba1aa135da44db8ff4411bee4ead88caf280974e4559365445923f726764908737

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile07SkDO\prefs-1.js

MD5 0e5117ab6586eb5d51f72ce61615431f
SHA1 ce0e242ebf74eacabda0a779c6133615ba61af0a
SHA256 a9516782a2cf46d4860311459afdda109c481046cd92eae63cbb471252c8587e
SHA512 885b1b04719d10e033bc1b7d2a7333fefada3863b6ecf0efefa654788d97ae7ddd365ae4ca25700aac887defbca1228bdf82cdce247823e78c8b7462f48b6683

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile07SkDO\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo3u0Pr\prefs.js

MD5 f9303f65d93f62d919a8d416bac41c7c
SHA1 8460e18e0ab22aa1a742ec903ea2f657481de913
SHA256 c6c839d3a135a1e9a6d5afe95a39d72768c9b1c85a44355631b624fae856bfec
SHA512 8d9723dd70118a449acf6a5cddca9e37ad127d63365a1221e2b146095c7685d9e860ab6e080e4014ecf8cdb229c9c194acb659eae07cecbbca2a63e80a1b1892

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo3u0Pr\prefs.js

MD5 29c51e80a6007b8079cecff557c7916f
SHA1 20332f355e9c6c322d3444c8eedd62cf6f8a37fc
SHA256 0d6d5506a8691ca1e31871383b852789abe70941b886a27667d1dd70ce5c90d3
SHA512 a6667e27f4d13263131c0ca82654dd8b786fa2e6495f349f011359136ab7c24f791811c9054da7be15cb8b9f4835cbebb8d7192f616f8405980d69090b8c488b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo3u0Pr\prefs-1.js

MD5 cea39d17d6d3fa2d0bfeace21d509f34
SHA1 5ead1a85a0f83e7d772901faffebd54580cd674e
SHA256 934d463f2b3476f1a7bd77953a92ca0c977fc6ac87621550c0ab51cb5a263de6
SHA512 07c0409b8083a7d8337d0e9b560c1525bbeb9527d07f019c87148544ee41aba918ad7763edb695a1616b765aa9fb66d5b36c463b5ef38d7be8f98499855b4d33

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYdSgYK\compatibility.ini

MD5 ee4bc29cd6ea608902232e479d8bcb7a
SHA1 3e44c7e53b7b5814f566e7912637858e0bf924fb
SHA256 b8c467f00a499b08938941f571e157520ccc1f248f06952d0c315bc4b0ddcd47
SHA512 af1fc30f68f44a9e9216f4e9c3d25eea5a86a67acf9d03989516298ccc0326125c6fb0dc253d3a9558445ec1fc2f6661b4b74cf86b123d81f026ca482d625122

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYdSgYK\WebDriverBiDiServer.json

MD5 b97bd8f843de3630884b3ac8be7983f4
SHA1 23bf652d14de1a7373aede5493e529e871044a38
SHA256 47b126e9ab756eaa5b12eca4728f9c0df6d5fb4c8cb289c975b52facb93f7a8a
SHA512 c66e5d43a911a165c3114881a08f75a672b7de79ae094517572593fee721ab6bcf60afd27645b502ae3e778d123c6f778cdf2164300386f85364bcb8192df98c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYdSgYK\prefs-1.js

MD5 8fa307eda148f9e11c87a7fa4642f0c8
SHA1 49a342b9bf5f317b5b0da2da4e37a16ff1c50b6d
SHA256 18b80dba48bf6a09e737ff8f2f34a35972d5cee130b2cccee819bfcd276355c2
SHA512 50a8d5d36cff2dbe928c8bff27de68fb2385b4e253bfe6ff61e8ab20576a4bad7fde66d1e0a65521fd46ecbd9506e256dd11c19a044e20110fdd429a134903cb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYdSgYK\startupCache\scriptCache-new.bin

MD5 140578486209f94d8be52b52b11e98c0
SHA1 6c24c017bbebdf415605fab7e8bf34cc1a0bdc14
SHA256 efc2d68439f21112a2eeb7f4256d053e92283f3ce8707f547f8015a9db19f16b
SHA512 bb9b335a3030f350704b7def82b712ab9e459428633ea843fbf0b8c2512762e67078538204a6d38bf82d51e86aa420b7af9d8e0cad14455060104ad9f5adfebe

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYdSgYK\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 17b94603f6075bd5bf4b82f11d1a9fb8
SHA1 37634d6b32a140be7ce4c87de036054a9f1b1818
SHA256 83695455a7509ef61f75555991d920ed6afacbe06bcbad426c9bd62f6c054748
SHA512 63e440f7ab9c5ceae00898330e356ab4afc3ed0ad322f5bc3512f8211ac43187fe4a6a85f7962e3da9bb6bfba794191f2caecb7af214b7b1f3950aa10e573423

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYdSgYK\prefs-1.js

MD5 a6a8cbff9e4554a753402c252d59867a
SHA1 eea6f4eae2f344228bfd2d018b02321ee20cc56d
SHA256 2a8b940422f2d2ac9999acfca4acff9b5d6ce53d1ac6ba12cdacdbf9ba439bd8
SHA512 b595d99930dfde4f6bf8adf2f356197ac1639fba564ae33aa19945e062b5a350ec513d825f77ed247cdf773ff382fed29bb57052358f27df3d2fd4470cf4a73b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYdSgYK\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYdSgYK\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYdSgYK\datareporting\glean\db\data.safe.tmp

MD5 7fba44cb533472c1e260d1f28892d86b
SHA1 727dce051fc511e000053952d568f77b538107bb
SHA256 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf
SHA512 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilec3Yp4d\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilec3Yp4d\prefs.js

MD5 ba9fec31c00ef38dcd4ba761f05a053e
SHA1 7cc7c222189b3e00237843c62021518eae0f4f5f
SHA256 6ceb9f746a17581901698c9a592724e37f281bb3b0fb8eeaa28dad2d8f25d1de
SHA512 6f7f111c72f5a5bf1c7c672b88ab429d4a94430b55a2e1523f6e06b92fce57a526aa54a007e682f906dac8adae968e54a5efff95b6d1a35faa1a5ed51b3e71e3

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-09 01:04

Reported

2024-05-09 01:14

Platform

win11-20240426-en

Max time kernel

300s

Max time network

307s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41722\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4172 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 1720 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1720 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe
PID 1924 wrote to memory of 4056 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1720 wrote to memory of 3924 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI41722\geckodriver.exe
PID 3924 wrote to memory of 3240 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41722\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe
PID 3240 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe
PID 2916 wrote to memory of 4092 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI41722\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41722\geckodriver.exe --port 50020 --websocket-port 50021

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50021 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenpxfV7

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50021 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenpxfV7

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="2916.0.1138777646\1860640706" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {739a304e-514c-46cd-b683-c17dc3ee5d4c} 2916 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="2916.1.1592587749\202972711" -childID 1 -isForBrowser -prefsHandle 2852 -prefMapHandle 2848 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {423c3d04-c94e-45b5-89d7-c56a99b62a05} 2916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="2916.2.477165124\766029144" -childID 2 -isForBrowser -prefsHandle 3048 -prefMapHandle 3040 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {2cdd5e13-773a-49c1-b9fc-bb3fda2768be} 2916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="2916.3.742525627\1470612428" -childID 3 -isForBrowser -prefsHandle 3108 -prefMapHandle 3096 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {2d4e3ffd-bbdc-43e6-ace9-dfbd56768ddb} 2916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="2916.4.1156631166\551104731" -childID 4 -isForBrowser -prefsHandle 3792 -prefMapHandle 3788 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {fc0b7ef4-77ae-4cb5-8ada-c1bcfd169750} 2916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="2916.5.1150955649\1587324565" -childID 5 -isForBrowser -prefsHandle 3944 -prefMapHandle 3948 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {14e696c6-80c4-4f4c-a293-a0fee35c2f65} 2916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="2916.6.1617956235\53808457" -childID 6 -isForBrowser -prefsHandle 4152 -prefMapHandle 4156 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {6e3c9b35-6224-4947-a930-761324646751} 2916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="2916.7.1276358903\1681701268" -childID 7 -isForBrowser -prefsHandle 4168 -prefMapHandle 4488 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {0d59233f-ba77-48eb-9212-90e75bc86b44} 2916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41722\geckodriver.exe --port 50020 --websocket-port 50021

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50021 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexGBqLg

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50021 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexGBqLg

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4912.0.450639256\1394515330" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {928c699a-cb69-474c-93b7-71daeb925048} 4912 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4912.1.1393622868\1342134277" -childID 1 -isForBrowser -prefsHandle 2624 -prefMapHandle 2704 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1364 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {ed221aa8-95c0-4935-baa4-f4669ba71ef0} 4912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4912.2.1237929073\1238586690" -childID 2 -isForBrowser -prefsHandle 3076 -prefMapHandle 3040 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1364 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {1376856e-4bea-4241-8a74-e6b08c52af04} 4912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4912.3.79865191\1780345974" -childID 3 -isForBrowser -prefsHandle 3572 -prefMapHandle 3504 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1364 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {78b1f757-3b2e-4228-b14e-85a1d407d9ba} 4912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4912.4.1926894300\1890470463" -childID 4 -isForBrowser -prefsHandle 3644 -prefMapHandle 3648 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1364 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {3c5c2e5a-e3fb-4da1-a629-6b3411d59f15} 4912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4912.5.1849917987\1499859350" -childID 5 -isForBrowser -prefsHandle 3300 -prefMapHandle 3624 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1364 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {903dd96b-97dc-4112-a873-78eecdedde1d} 4912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4912.6.1492857390\1436372341" -childID 6 -isForBrowser -prefsHandle 4128 -prefMapHandle 4132 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1364 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {4b8c1b42-4041-4dbc-9090-4eaf2dd357cf} 4912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4912.7.1694055152\190186852" -childID 7 -isForBrowser -prefsHandle 2596 -prefMapHandle 4568 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1364 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {402c1df9-25e7-4faa-a3e1-d8b0027b1eaf} 4912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41722\geckodriver.exe --port 50020 --websocket-port 50021

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50021 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilejNr5cd

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50021 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilejNr5cd

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4788.0.274800805\1782545869" -parentBuildID 20240416150000 -prefsHandle 1716 -prefMapHandle 1696 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {5f081958-ba1c-409c-82c3-24873294de08} 4788 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4788.1.908424031\1405340160" -childID 1 -isForBrowser -prefsHandle 2780 -prefMapHandle 2736 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {0efed60a-8530-4ecb-ba45-53577625deab} 4788 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4788.2.2045188247\658634747" -childID 2 -isForBrowser -prefsHandle 3040 -prefMapHandle 3036 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {94af6f62-60dc-4150-8adb-66dcaaee6c74} 4788 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4788.3.1986714436\612347191" -childID 3 -isForBrowser -prefsHandle 1428 -prefMapHandle 2940 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {c986c70a-b704-465b-8b4a-8df3bd09ab6e} 4788 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4788.4.1747894786\154867324" -childID 4 -isForBrowser -prefsHandle 3936 -prefMapHandle 3112 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {9c20f3ac-558b-4a5e-9e9a-cf7536503a0a} 4788 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4788.5.1582366143\874126940" -childID 5 -isForBrowser -prefsHandle 4048 -prefMapHandle 3120 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {f293e361-53b6-4c55-8682-63459dd6c2e2} 4788 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4788.6.90926308\1738272883" -childID 6 -isForBrowser -prefsHandle 3400 -prefMapHandle 3284 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {60cc3435-0ac7-43e0-a366-ea314cf015a2} 4788 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4788.7.1634717322\51425367" -childID 7 -isForBrowser -prefsHandle 4428 -prefMapHandle 4424 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {3f5550b1-385e-48b7-b1df-037873facd37} 4788 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4788.8.1504516158\1896184190" -childID 8 -isForBrowser -prefsHandle 4340 -prefMapHandle 4840 -prefsLen 25535 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {6052ccf2-6dd7-48b4-9345-a9c05397092f} 4788 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4788.9.748903675\1079062655" -childID 9 -isForBrowser -prefsHandle 5524 -prefMapHandle 5528 -prefsLen 25535 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {8846974d-c7f3-480c-98d7-296ed9c7cc85} 4788 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4788.10.1235181591\1442074156" -childID 10 -isForBrowser -prefsHandle 5396 -prefMapHandle 5392 -prefsLen 25535 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {b1730353-46dc-452b-bb0b-f440a5d31a07} 4788 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41722\geckodriver.exe --port 50020 --websocket-port 50021

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50021 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCAHi6Q

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50021 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCAHi6Q

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4732.0.1508001949\203350400" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {9f12d8da-f1c3-4eae-87c5-98880306e306} 4732 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4732.1.371538732\1735076833" -childID 1 -isForBrowser -prefsHandle 2848 -prefMapHandle 2740 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {fc666756-63c0-4762-bdaf-b8db50654677} 4732 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4732.2.121691750\271835470" -childID 2 -isForBrowser -prefsHandle 2980 -prefMapHandle 3016 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {a7cc4dd0-5a0a-4a37-a273-436d635e53e2} 4732 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4732.3.1498941193\1879364798" -childID 3 -isForBrowser -prefsHandle 2972 -prefMapHandle 3192 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {62e1616b-c749-4312-bd5e-3c5e67505f58} 4732 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4732.4.711116680\1909053593" -childID 4 -isForBrowser -prefsHandle 3828 -prefMapHandle 3824 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {fd4a527d-829e-4e09-b835-97e536be7c4e} 4732 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4732.5.1222675072\962335803" -childID 5 -isForBrowser -prefsHandle 3972 -prefMapHandle 3968 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {a5d9e0ae-2d05-4d63-a994-b75f85f4b439} 4732 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4732.6.55069534\474466977" -childID 6 -isForBrowser -prefsHandle 3300 -prefMapHandle 3216 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {2c4aa098-1f32-4d71-b775-922d813d30b7} 4732 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4732.7.157338318\856332477" -childID 7 -isForBrowser -prefsHandle 4416 -prefMapHandle 2484 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {e4770cdb-6e69-474c-8f1d-d448ab9e2779} 4732 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41722\geckodriver.exe --port 50020 --websocket-port 50021

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50021 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuV8Caf

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50021 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuV8Caf

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="1556.0.472800473\2077251896" -parentBuildID 20240416150000 -prefsHandle 1716 -prefMapHandle 1696 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {ffb81189-136b-4dd2-8311-cf459eb0e702} 1556 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="1556.1.684083574\124416575" -childID 1 -isForBrowser -prefsHandle 2872 -prefMapHandle 3056 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1364 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {0cd278c2-3c3f-4d98-8973-d9b276bb8120} 1556 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="1556.2.657521942\537390643" -childID 2 -isForBrowser -prefsHandle 2652 -prefMapHandle 2600 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1364 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {d2ac81a2-a556-457e-a85a-6e23bb7a1981} 1556 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="1556.3.1102152488\1089964788" -childID 3 -isForBrowser -prefsHandle 3100 -prefMapHandle 3180 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1364 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {02b05816-37c6-478a-9b0c-a07a1225363f} 1556 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="1556.4.976792916\681195985" -childID 4 -isForBrowser -prefsHandle 3788 -prefMapHandle 3784 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1364 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {c5754601-d702-44c9-916b-e76607e6e116} 1556 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="1556.5.1387488078\141094331" -childID 5 -isForBrowser -prefsHandle 4004 -prefMapHandle 4000 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1364 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {105a6a42-4a5a-42d7-bb8f-01efe85fb614} 1556 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="1556.6.606746780\1297634790" -childID 6 -isForBrowser -prefsHandle 3976 -prefMapHandle 3984 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1364 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {1b00f8d2-110b-4283-95eb-47fff0f2626a} 1556 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe" -contentproc --channel="1556.7.1399524945\726801439" -childID 7 -isForBrowser -prefsHandle 3984 -prefMapHandle 4496 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1364 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\browser" - {132d7a5f-b33c-4d40-bd9c-563601652c8d} 1556 tab

Network

Files

C:\Users\Admin\AppData\Local\Temp\_MEI41722\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI41722\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41722\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI41722\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI41722\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI41722\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41722\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41722\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41722\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41722\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41722\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI41722\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI41722\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmpm1mkyqhj\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI41722\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI41722\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI41722\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI41722\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\tmpm1mkyqhj\webdriver-py-profilecopy\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\tmpm1mkyqhj\webdriver-py-profilecopy\places.sqlite

MD5 4b184e153a4175d0a83f8282c45eb9be
SHA1 6f9d49eacea2706ae1b1b47264897544c7c57257
SHA256 b319a9b68017b1e6ee839ccd1df238fe01fe5e721126aad96cc671d7d17ca898
SHA512 33dee2bafc4ccb6aad7c5f6349693e8fda421e12225b1ef3b239a7d41385c7da01561e6b0b6d993f889b371784bde9fc69a8af0132ad05c7a0273c037b14b6e4

C:\Users\Admin\AppData\Local\Temp\_MEI41722\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI41722\geckodriver.exe

MD5 644e41a4c9066b625e72a8db737de2a7
SHA1 197fde91c657018f144e448c4d8b15560a16cd8e
SHA256 1553d817bf4961cefce8d9ff21c78a84e7c058e398f1dc5eb79ba107cbe7b63e
SHA512 ccc5acc068352adf39abfaa8e5eee140bd5fa54d75d9109d5e8962ed2771adfef6887cf7ea267ed58dbc4be0d0c661af7f6515c92dd1bd1813a3c2409e2946a1

C:\Users\Admin\AppData\Local\Temp\_MEI41722\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI41722\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI41722\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI41722\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus

MD5 5be1294eb3b2c41b9a650ce10a0700c2
SHA1 b78b0211f3c307bd4d8500d73b31a1ab917def2c
SHA256 1dd4549547c3f6b3e96c60818f2770ff483429dc2315d81ff6f118cc7f393745
SHA512 2f9068f39a903b6676ad1a38de556db1ebd0582ccdeb459f24ea7ed9deb37285bc447130ba8eb690fd31a1499fbdaa5ef848ea292233023da798e2a4c8e73a8b

C:\Users\Admin\AppData\Local\Temp\_MEI41722\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/4600-491-0x00007FFAA61C0000-0x00007FFAA61C1000-memory.dmp

memory/4600-490-0x00007FFAA4AA0000-0x00007FFAA4AA1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenpxfV7\extensions.json

MD5 11daf15861da6d77a8de761a75beadf7
SHA1 deecf769ea750d44b227e9d7b90eae38b211d76f
SHA256 4d6d953f370082eca1a9ce2e6dff8955c3d9366a7cf44f52ba8f6322c1903307
SHA512 39be85c011c1fb6b6d1c6155d6fc34e3570f80b0b8c37372cabb008b919a55bd93401cd2824ab4b0a842ab677019d1b7c7f6abba4940f0e19936c82fc99ce830

memory/2916-555-0x000001CF453E0000-0x000001CF453F0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenpxfV7\prefs.js

MD5 7aa8f5dfabc20cd6f51122789b4ef1dd
SHA1 8add884d24bd77b4678bd5d9713b959d1f558c80
SHA256 29a6df5d900e53f5655fc134c398edf1f4ccdbe8ad2cad8fbfd10aaf09fe4a8c
SHA512 a398ea8114c7f343025167f3d0039cd133011d7d9b21e9d6da50d2939b42bd3dea560dccf71bd86e4e5647da3205a2d5d998f9fc8075676666a9360fb1ce5530

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenpxfV7\prefs-1.js

MD5 1879d0d9abaa9fb71a5bf35f95e70f2b
SHA1 c3067268883ab9242c5086c098232dbe67a95076
SHA256 fb058e3cf1eb451e5e657bb13a02fc2996ca06543a5a150bcf859c766b6500e4
SHA512 31a9fdfd96b2f3757dbdfe952ffc442ab920946b78308640d01d5166f69612d4265ec41ee6afbc17e09cbad1bbb0c727e884b83c3a52ba3636e276b376b88e85

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 0af9602133257bf1317823e59caefd23
SHA1 a5f34adf29ae3360a789d78e9dc0667d4d894b7a
SHA256 e2a753deece5a7dfe217c17e422065f6ea929fc5ec95f47dd836e3cc7d468653
SHA512 a89c455de1ecd48fb0cad0c8f590122699c0c6aafed92eb0a57fcaaccab8b177ab0dc49999200cbe04695e02979e06d9329c52dcaf952665737a8a2b4be7fc28

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenpxfV7\prefs-1.js

MD5 3a249c0211d84bc9ce63803b1731f1b4
SHA1 6844599d38900024c10f0eb969cbf9471f8f3696
SHA256 0d7d5ab4c362d95760ee4aa25e4d9bfb0189a9a099f064d9c295066a0f970939
SHA512 dd1bb58062ae76e81b45399ef5480236718775e68435f8388764997e8a85477391fe398505cbabca6ad0eae0eed8cac090107dce4f2db91da254dc3148518c51

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenpxfV7\prefs.js

MD5 cc8feefd3f535ed3de4d43c2a608b017
SHA1 6046ad00b1d2c2a4f850122709f08bc2b59026ab
SHA256 6b7e83dd41b1eb1ac9e3687d878cc3f063ce08238fc55c0de04ac7b27eb7e80b
SHA512 3e1d6c26d0f9d0844a12606384b859936f5116b10a514dad4e6124dde03dea6a5496a40ed5ea664e61fae14d58275c1618cff557a60f0ad8edf5bcdcf2603c08

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexGBqLg\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexGBqLg\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexGBqLg\prefs.js

MD5 c174a76c955c78d14b715b89cb0d42d3
SHA1 55235b560de6bc47895c6f9f488012441e630c90
SHA256 ca7713fc2132d5e9664da1250562fbc8de2e3c5cc38ecd3ae3acd4e01888a2c2
SHA512 244fb79d15eb303d73c61412ec15c7d3038f92e53e9fac0410797fbbb128eff467ef6b3ad3cdfdae5dcb8d5c30b5e711ed775cbfa999b0bb537759511e961b6c

memory/4912-897-0x0000020945AF0000-0x0000020945B00000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexGBqLg\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexGBqLg\prefs.js

MD5 38a8b5708385d096be090f7ecb71a45d
SHA1 0a23fe95ff95adf07a7f6bad00a1f0e6261de020
SHA256 4e6e104bd89820b67b6c48d703ee09e5858e96e4a05f42832364fdcfe2c7edc2
SHA512 7fc319bd14e973b3b5c633c4e07b4ec72a5080200822f2652773ad1a264220e00ad44d5cd196b23c2a9802aeb50492bac0bb109de446f622b370d446b9974cd8

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexGBqLg\startupCache\webext.sc.lz4

MD5 a2c62cf2c302f6d94a786a259ae999a8
SHA1 5e2b6ab0520d8b8e08b0d8bfb5fb02b7d4f1dd31
SHA256 4e1f8d1292c199f209aaac8ae06540d4fc9e76459f02e901273a448c360992db
SHA512 8c64ad6cce0d7ad03966fc2699787a3278d5da52d8970362bd5001240ba4ceb01511bdd7e6ed6a4d103aeba9f82711bf471a60dab34cf0dd21107aedcdde82d0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexGBqLg\prefs-1.js

MD5 59713dfb01943c9094c1ca3e98647554
SHA1 7fbf623fdb77afb4f1cd087506237bd51688915e
SHA256 915b0d04a05838fbe5c4e00c30e4a0861c4fdf90f57b58ad77a7f2bf0a800852
SHA512 16fddb448e6614d04e59fd7cf5d06e4873b445e0a4973b16cebb6f1c906155459554b55646c49cbf9e5d5b969ca5b40570d4dee899c7e0446a4e4f213f89a1c9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexGBqLg\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexGBqLg\prefs-1.js

MD5 223568a4cc20378d4c655473522fee15
SHA1 e028d3767c14561cb61353488b59ddfcc2b7f1bc
SHA256 83652ae98f5957862b8b5b5dded95e0cf1f2920d2df27a8afc7b1f5137469f02
SHA512 7e7da62227e11145061b3733ca501324bab691d6305ec740fc759646efe291b634402ce67b4ee462af57c3b52bb8ee317e541e69b24dc83f9ec39c5dcc56b46c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexGBqLg\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexGBqLg\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexGBqLg\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexGBqLg\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexGBqLg\datareporting\glean\db\data.safe.tmp

MD5 7fba44cb533472c1e260d1f28892d86b
SHA1 727dce051fc511e000053952d568f77b538107bb
SHA256 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf
SHA512 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilejNr5cd\user.js

MD5 e32dae9d26c7249ca980bea3bc3b8fa4
SHA1 e68cec0405e657f73c7d8bae469a082797d1e27b
SHA256 f12cb050492505726638cbceaafb3621e3601017cb637c82e74858bef9a2d8ec
SHA512 e66c9b24ffc9e6a9fe3ba5c9faea1f3e238d9fdf4cd72ba9f84d46be41570a075e145724a1eb223f5fb0cceae0d8b5174e958d0b9097684184432cb5e612f035

memory/4788-1115-0x000001B28F890000-0x000001B28F8A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilejNr5cd\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilejNr5cd\prefs-1.js

MD5 0a60b1ffc39dd12e0457a0d9fbd1940a
SHA1 4b92e85044222c1f06d5205cb25ca14cc4cb9bfe
SHA256 976d1e79b698dbb94ff96e4ab8f97100c76cacc0842e0ec0b55b30697f1d69d2
SHA512 436d78a5ea2ba690805eb7cd1d038f2f36e6a034375763787e1f202827fb70312877689904f9c4645ad792f0025b2bd6a5a4de0cc9d63a22b89d5f5fd1c082c5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilejNr5cd\prefs-1.js

MD5 1fda5fc7ffbf04ffecf24a082b629201
SHA1 ea90961c57107fde89d8d1707d4cca1a74efa5e2
SHA256 cf91aef2962e3c74ea0a53813ed02562ceeb9bd090dfc2f9bf9e83eec1af4575
SHA512 0abf78b138e17a66ba73faf8ae06a6a0259e3713c1df6d35d6eb56a2da65796c8eeedb06eacecddde2d711558339efc6286d1f41e7187ee216a7642e6e1c9637

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCAHi6Q\prefs.js

MD5 c0c782acbbecf1d3590bd9755213e284
SHA1 8c7e1a6f77ebad0c1c6a9ed7ebfe89f064642d93
SHA256 f60146cbd92b6364865a0cc7ef54341328b410df93f78457adeeb8f7d0066cb5
SHA512 6e35281eabbb9c2cb0f88cce29f9f02f7d830e0ed9e4412379e321f694a8657e3b93ed9c811c52bf6bc6a27e579bf0ce406c77f6db6af3747fba71fdfbcb791e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCAHi6Q\prefs.js

MD5 a48f47abeb1192dfe16812bcfda7593a
SHA1 d8504b1bc0dbf59bf7c47dbeb8831b637d314885
SHA256 0f6b4aa6b57c0539d7a14e90e45d2887692b0df8d4c971d8191b128dbfe3b846
SHA512 1506db27849bb8fc5f6db937c38ee70739eec6a7ffd619e2feada67bcfffd92f0d8d0c67b219b763a749248778185fddf38de14c5e3e30437cff81996651f2e1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCAHi6Q\prefs-1.js

MD5 0e776dff76f548075d8bcbd53a4a98cf
SHA1 cddf54571988ca3e9b9c9df660c8857cecccf205
SHA256 80d243486a9849ad1a22b9324d69de6ffc6ad7421e12d32d4c845c53437bb97b
SHA512 3a794498dd67474529dcd37390c40d0846f0a5021ae8ee315d050062a6e097f2250ddd5d7559177e0de16190286cad37a17473e4b2370f85cab81cf757c64c7e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileCAHi6Q\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuV8Caf\compatibility.ini

MD5 877e4b755af71c77780a94bf9bfcc9c2
SHA1 bf58ad60a6b08fbf76139d81066533ad3903d14a
SHA256 ae6f5923f8610f80d8ed3213f527424387a3a40683fb70f04669f3eab9b8a8c3
SHA512 26d87ffe4cda8599ccf25593b78750dcb5159efc3148de4c85e997baacc2c5e5f9f1e9ef78d54ee1394bf386786b5ec28dd864e8c6815e3b8801b2405e2b7a4e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuV8Caf\WebDriverBiDiServer.json

MD5 7bba2bfb0fc31680a470dd67bab34123
SHA1 f2e27cb94acc00445bb363207fa09122f1649cf6
SHA256 7e15088a1ba4716b59c9efa21aebb8b0d135465a29b78404125530164ba109aa
SHA512 8e38cad5221710d105ec4a9ab2634fbc87478b270bdae208afa8ca53ca6b66b50113c41d6568173274241b25791352642c12c3b8eb4abd59d1148313189705dd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuV8Caf\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuV8Caf\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 3e6a65025152a7b7f0cbb9092185f528
SHA1 80c13f4c4e2979657b76a7890669b4a023743e5c
SHA256 698ae23e0b35b69b1f94d1ef24d952e979b425620a6db0f66df34a4d91b3dc93
SHA512 1dd27c44e337a19e090a25331dc8145987f55cbd2f07754179d32777a3d04b872682e555b048db55570b09382d7e41d552c45cadcb203ff1875f7c5b4ee22c78

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 01:04

Reported

2024-05-09 01:14

Platform

win10v2004-20240508-en

Max time kernel

301s

Max time network

311s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14882\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1488 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 2872 wrote to memory of 3164 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2872 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3164 wrote to memory of 4924 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2872 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI14882\geckodriver.exe
PID 1876 wrote to memory of 1208 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14882\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe
PID 1208 wrote to memory of 3212 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe
PID 3212 wrote to memory of 4644 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14882\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14882\geckodriver.exe --port 59634 --websocket-port 59635

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 59635 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKjxWcz

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 59635 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKjxWcz

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3212.0.60665267\1436826105" -parentBuildID 20240416150000 -prefsHandle 1732 -prefMapHandle 1724 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\browser" - {b193280f-7cfe-4a94-97df-0e247995c9e2} 3212 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3212.1.644343435\2135676387" -childID 1 -isForBrowser -prefsHandle 2552 -prefMapHandle 2548 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\browser" - {21252936-48ca-4663-b7df-f3ca703459cc} 3212 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3212.2.1063771332\1065215631" -childID 2 -isForBrowser -prefsHandle 3268 -prefMapHandle 3264 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\browser" - {63e238a4-6da0-4774-8faa-70b0751d0027} 3212 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3212.3.2079568615\320551893" -childID 3 -isForBrowser -prefsHandle 3676 -prefMapHandle 3308 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\browser" - {d3a72107-e03d-4f2d-9093-e7dda107d08d} 3212 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3212.4.1929349023\1330179879" -childID 4 -isForBrowser -prefsHandle 3748 -prefMapHandle 3768 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\browser" - {429d991f-0bbd-4c60-b4c0-e163005b9bb2} 3212 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3212.5.138836547\1672307271" -childID 5 -isForBrowser -prefsHandle 4048 -prefMapHandle 4040 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\browser" - {2615cae0-df36-486b-8e14-8881b1d4a5bf} 3212 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3212.6.1313937\1679568257" -childID 6 -isForBrowser -prefsHandle 4216 -prefMapHandle 4224 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\browser" - {015fd2c9-afd8-4471-94b9-c162847e8c59} 3212 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14882\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14882\geckodriver.exe --port 59634 --websocket-port 59635

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 59635 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexfoIqi

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 59635 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexfoIqi

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4224.0.1368361010\315323881" -parentBuildID 20240416150000 -prefsHandle 1664 -prefMapHandle 1656 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\browser" - {79a108e8-3583-4bad-9870-04e8af40557c} 4224 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4224.1.2018298049\929708965" -childID 1 -isForBrowser -prefsHandle 2824 -prefMapHandle 2820 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\browser" - {0032a37e-33bc-452a-bed0-ebf0e5348b63} 4224 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4224.2.894573747\683314047" -childID 2 -isForBrowser -prefsHandle 3176 -prefMapHandle 3172 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\browser" - {dfca8c8d-fcb2-4e24-9a2b-7b0ad31692e9} 4224 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4224.3.1768787968\999711527" -childID 3 -isForBrowser -prefsHandle 3732 -prefMapHandle 3740 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\browser" - {2fafc23b-6e68-4629-bb25-6d4659341082} 4224 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4224.4.155100931\1839620454" -childID 4 -isForBrowser -prefsHandle 3828 -prefMapHandle 3832 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\browser" - {7a13997f-8fde-47b4-9d54-2e798758ab4a} 4224 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4224.5.587908621\1495290863" -childID 5 -isForBrowser -prefsHandle 3936 -prefMapHandle 3940 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\browser" - {8cdce14a-c20a-4205-92c7-1e5c865f878c} 4224 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4224.6.1341892247\90556845" -childID 6 -isForBrowser -prefsHandle 4104 -prefMapHandle 4108 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\browser" - {8e63c08e-97be-4a30-bb93-913eab58d489} 4224 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14882\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14882\geckodriver.exe --port 59634 --websocket-port 59635

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 59635 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8xDaPG

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 59635 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8xDaPG

Network

Files

C:\Users\Admin\AppData\Local\Temp\_MEI14882\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI14882\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI14882\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI14882\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI14882\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI14882\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI14882\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI14882\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI14882\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI14882\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI14882\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI14882\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI14882\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI14882\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI14882\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI14882\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI14882\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI14882\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI14882\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI14882\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI14882\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI14882\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmpcvwmx_6f\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 d262b8dc568b34fa0a37e37335db737a
SHA1 477338dfa2a841eaadcdeadb210ed0e9e419241f
SHA256 b11b2168de48ecb6a5daec15e1d8eebc52fa4597d174d3a55a930466f665b0ed
SHA512 ae2b0b4477d7d61c2ccbc948041e79407a140919da3dae63486e47b30ed9c041519bd3ce3cee62bc3c2ed780650abb8c54002c4197c6611af512f39da8e56f64

C:\Users\Admin\AppData\Local\Temp\_MEI14882\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/4536-490-0x00007FFAF7E30000-0x00007FFAF7E31000-memory.dmp

memory/4536-491-0x00007FFAF62B0000-0x00007FFAF62B1000-memory.dmp

memory/1008-516-0x0000029FAE600000-0x0000029FAE955000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKjxWcz\extensions.json

MD5 26b9f0d8c4da654c2afe39020f917c59
SHA1 22ed7f8c179b6d18759b5c3c352400813f6b8c8f
SHA256 5ff724a45ce5d944c08fa8553e30776411bf5ba346d235e6a8c1b9ca48e7ea54
SHA512 4f46ca8b9ed5ffc5d935dda5babaced6820061394676bf3791d414915fd9a91e7fece4ae414a454c22776150a027f7df0de8b13ba1b8d71f683cb47d602ac1e4

memory/3212-594-0x00000281D0840000-0x00000281D09B0000-memory.dmp

memory/4044-602-0x00000189CD000000-0x00000189CD355000-memory.dmp

memory/4944-605-0x0000021701900000-0x0000021701C55000-memory.dmp

memory/692-604-0x0000016D19B00000-0x0000016D19E55000-memory.dmp

memory/4192-603-0x000001E4FB100000-0x000001E4FB455000-memory.dmp

memory/4536-601-0x0000021984E00000-0x0000021985155000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 f712bdcf3bfc9fb58a75e436a2494b7d
SHA1 a433c589b2c3f0c84c3505b2c197fde63a05735b
SHA256 bcc93f85928614725be7d053400a40068ae22b5ba1f2dc1e7eed7549b83ad804
SHA512 7528f7584ece3a43482cb22940e9ba6ec438e67ec36eaa043b41d17e8ce4b2afb9e6a57ad86e49d843611d211c1114b7b7f729ad599db2ffffc56e173d0923bf

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKjxWcz\prefs-1.js

MD5 9e302cb6f63b35a4043342a799e562dc
SHA1 54b705c17220bd385558f63c3e03a51a8ba35b81
SHA256 41709fe74492e1847200ec34caa9a9d915cad9c1b455c71bfd2713f2dd6d25ae
SHA512 7ead8e0ea9cbd508270f030ed920237724abb68965e5fb5ef5b5300c23f7a5ad2466580e606986d4ffb7acf84d407d789b44ee148b55a146fa759bbcab460c00

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKjxWcz\prefs-1.js

MD5 fdaecb3ddc7a79fdc7e9f7dc22fc85d6
SHA1 6cd80dcbbcf900280763ada39d3d24e5d87ed9c2
SHA256 e0783eda329466249981bcac0ce09998a963a101cfbe6719388ad45229159f8c
SHA512 1bdfd73628eb6f0294450b2d0e5be555babc65d6165ee6f04cb113af225932c71140e118f3e64b21be393dc9c2ea31a18688a92ade161e8fa1b3dcac721b411f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexfoIqi\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexfoIqi\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/4520-841-0x0000026113F00000-0x0000026114255000-memory.dmp

memory/4224-861-0x000001DFC66F0000-0x000001DFC6700000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexfoIqi\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexfoIqi\startupCache\webext.sc.lz4

MD5 1b799cc5b6cf681cfa54d37c8ce8cb06
SHA1 2f0fae44eb2fe74542df923e37f0c7e23a74fd17
SHA256 ce654b3257aec215ee980682aa6a48628dac50252a09301efe8686ff3f406a03
SHA512 10263e878623c9375095f150a83e5fe42fb5feccea139e107d37b2337f0c68c4f8a47952247d7e8517876a12dcd696202b8ecdf115577c0e416a489a280451d3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexfoIqi\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexfoIqi\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexfoIqi\prefs-1.js

MD5 53a840719817e1355200fa9afd235e3e
SHA1 3275a59cd3311ae4a827717edd7080fec7f20bdc
SHA256 7c8dc58d7c9fa22b78824cf9cddd214b521fcc1e1b8ca5ebd7e5bfcce6dddbc1
SHA512 3ec85614acb36f744b2a8c4320bb31ed9106eaf11e112a3d32fe68786cea08e7368b3a758cd9ebdfde4d0a33a71969dc1a63c31e2891be5e3a5502fc53b5eceb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexfoIqi\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexfoIqi\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

memory/4008-937-0x000001AA81700000-0x000001AA81A55000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexfoIqi\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexfoIqi\prefs-1.js

MD5 88680e8868d30182dca9bfb3ade4311d
SHA1 0ac13ccf8362dd915a35201c31ca023824ed372f
SHA256 847869aa48b8fd4545f664ec0795cac0d4b63526f25e27fc296be2a8797cd459
SHA512 13a93dfdd66e05105fe47d91af3150cf68201e78f4b3fe63e56f7e77ee598b21aec497a0a01bfe3de0b0feec20a881c65da3c6369a9abdcab8ef67e96339e84f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexfoIqi\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

memory/4416-985-0x00000176DD100000-0x00000176DD455000-memory.dmp

memory/2504-986-0x0000022CBE700000-0x0000022CBEA55000-memory.dmp

memory/4140-975-0x0000014FA1700000-0x0000014FA1A55000-memory.dmp

memory/468-956-0x0000017F46E00000-0x0000017F47155000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8xDaPG\user.js

MD5 fabecc1f2f9211cfb2669b19d504faba
SHA1 b94e1452a320e49e7e6c48c4cb8c7a1fe3ae1a9c
SHA256 41aeb5c7bd40f1fbe0edc80a05d5099a0abe8f356291500e1044cf72a81b722a
SHA512 98b2ae8057364021b63eedfe29eb3134a4b1f767b76508e4e7c4b39855b4e8eb0dc8934077e3c1152ada1bcce001674bc9e5bb1bd1f91252e8b3165d0babdbd4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8xDaPG\prefs-1.js

MD5 9403b3a523fdceb12b4142ae73876329
SHA1 5cc894ed8a12712f71b8617c7010953de9d23eb2
SHA256 80dd21524c8af1ccca2b3693e8cc627e00589f2bf4e22df724ea0c55f5dc3c40
SHA512 652a2be83b55c18fffe287f04c567cb5398f6583a933455aeb00f95b70264d7b085dd784686bbaa71c341e56fb657000c695cf27de632a192491115c3f82a3cd

memory/4520-1122-0x000001D124200000-0x000001D124555000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8xDaPG\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8xDaPG\prefs-1.js

MD5 a4811b5a060e45a732ba818d950c4938
SHA1 94ae0dcc7a42536d75829a66b6820988a810e734
SHA256 4ed6ae4c83e8d76783f0be18e52faea9ad787089205b1b64eeab73506090b220
SHA512 7a9caef61551bd98b8b504aea809869ea767f6a6c1c91e9c2ecd637399ec4dd73f4f3fcf591b97b8b8f63d0fb740fe5609edb448fe257c56af9fbca49fd081ec

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8xDaPG\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8xDaPG\prefs-1.js

MD5 c98ccaab0f369be46a26940913e309d4
SHA1 a4c46650fc779336900837d92c33e730d47f0588
SHA256 24952e411ca74020d48fb21d4fb3045ac0b2a91d894ee64910578bdf719bf9ab
SHA512 0b76b9e0fb88b95f7bd8ea5737ae765567c43ca2b865fc20c3565c63591b5d014ece21dc574a426cb3fa6fb9a3c0ddb1c71b93162d0a01cf3dc22bb4a99c2cb0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHmFPJH\prefs.js

MD5 fb01c277fd4f675a2e8754569e5a055a
SHA1 2dfc95d0b40a12487eec44d11f21db0143c9e098
SHA256 d1bfd687c99d93c0bb0b36d08a86838b529a917d58efa5f30e35f4f9ab573503
SHA512 e987b26667ec3fd44548861cce037d4818cd1e0615b9a667ec26f8c2ecad81bd1004fa18afa6a4904f47507709471b26eebd02ac9b6ba97a758676c64c76e98a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJ1ci1m\compatibility.ini

MD5 0f569cdc086785dbb41fda4d9d22bb73
SHA1 1abfae46d94d87060f94ece24ded5704bfe7b78d
SHA256 26cb491b3f4239ac53d5905df95532ad5aa2d93675167a0ba71a25335875e434
SHA512 712cbbeaa014605caf01eee01e579f3f82aca4bb5c45d6e73bb71b9965ca9202c817640e9bba192536b12313993f6ce1babda70b67f26cb086542cfa859299cb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJ1ci1m\WebDriverBiDiServer.json

MD5 3854b424e200b7074cb70d60d35b8301
SHA1 78a4f2ee91a281df451426b8b6c20499fb99e6f5
SHA256 d503b8e6d84ed9ed9a7a3cb18ec9c0e773f53e4f23fde796c523ffce6d45fc6e
SHA512 396cf7f0f638846e57a899b1ccefb04b21a7f7df9c9be3dda04ff36a9e730657899055d13f79905a47140b551d55c64b56914a61b77d50cee8890f491fe4e68b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJ1ci1m\datareporting\glean\db\data.safe.tmp

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJ1ci1m\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 9e2db09a74fca438e483127351a6df93
SHA1 a62aa22df704cdfa9c16689749062a87bd1be3c8
SHA256 e11f1b66ad7eaf6fbe3eb9eaa12ff793c068f448c7de0c9cc92231315e3b1a23
SHA512 acf0faf25c4cbdd4aa18a5189b818048b6a7f02dee22b5dd1cef8968fc3fffaadd58570964a53dfe3997bf80f05c0507f968eb52e37c27c4fb615d8e43bb35bf

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJ1ci1m\prefs-1.js

MD5 db015294a1fa33105ae0f8a31af2373c
SHA1 d499bf9abddd5daf855b9d5d298358570ca7bac1
SHA256 8943daaa9c32906973b90dfeb62ef87133c42dd75a6cd70d490907748e8a87c7
SHA512 ba1e8e14fb690f9befd7d044cfaf22bbeab416f41d67dcbca236b87593bc27333c0938505cc28a4dd4630d49c0ad1344f04a3ba2f3fb001b124566604e2b023d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJ1ci1m\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5

Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-09 01:04

Reported: 2024-05-09 01:14

Platform: win10-20240404-en

Max time kernel: 298s

Max time network: 310s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4452 wrote to memory of 3096 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 4452 wrote to memory of 3096 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 3096 wrote to memory of 3992 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3096 wrote to memory of 3992 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3096 wrote to memory of 956 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3096 wrote to memory of 956 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3992 wrote to memory of 2576 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3992 wrote to memory of 2576 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3096 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\geckodriver.exe
PID 3096 wrote to memory of 2100 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\geckodriver.exe
PID 2100 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2100 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2800 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2800 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2800 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2800 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2800 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2800 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2800 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2800 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2800 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2800 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2800 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2936 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2936 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2936 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2936 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2936 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2936 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2936 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2936 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2936 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2936 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2936 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2936 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2936 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2936 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2936 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe
PID 2936 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI44522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI44522\geckodriver.exe --port 50040 --websocket-port 50041

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50041 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJQXrw5

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50041 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJQXrw5

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.0.1600672289\1547575464" -parentBuildID 20240416150000 -prefsHandle 1492 -prefMapHandle 1480 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {eac86abf-4fa6-43aa-80cf-79876f12fe95} 2936 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.1.660995336\1079498009" -childID 1 -isForBrowser -prefsHandle 2316 -prefMapHandle 2164 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {17f7c28d-724f-492e-b460-eb78074497b9} 2936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.2.2109611828\846034904" -childID 2 -isForBrowser -prefsHandle 2948 -prefMapHandle 2944 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {9b18d79e-9e4b-41be-90ad-e3831c4c0da6} 2936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.3.517316445\646880266" -childID 3 -isForBrowser -prefsHandle 3024 -prefMapHandle 3028 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {bd4d438e-068b-409d-b603-db22e44bf7ed} 2936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.4.1420140241\179982849" -childID 4 -isForBrowser -prefsHandle 2952 -prefMapHandle 1360 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {a80a5c42-1174-4387-8625-0354a7dcfb85} 2936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.5.1040811082\1296343176" -childID 5 -isForBrowser -prefsHandle 3720 -prefMapHandle 3724 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {f063555d-f5b1-4f90-b883-36f9775b2386} 2936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.6.618875673\473498019" -childID 6 -isForBrowser -prefsHandle 3924 -prefMapHandle 3928 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {cc9acc58-3672-4db0-9bc9-c6093394d2e1} 2936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.7.1353785325\404101954" -childID 7 -isForBrowser -prefsHandle 2088 -prefMapHandle 4208 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {db3cd324-a357-4cb7-b28d-f51e2d5cd44e} 2936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI44522\geckodriver.exe --port 50040 --websocket-port 50041

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50041 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile45vvOd

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50041 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile45vvOd

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.0.2025618106\1924586285" -parentBuildID 20240416150000 -prefsHandle 1464 -prefMapHandle 1440 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {577239b6-3f88-4d51-b863-c32711131f37} 5060 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.1.666502648\141309441" -childID 1 -isForBrowser -prefsHandle 2424 -prefMapHandle 2608 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1124 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {e3ad6289-5fab-47cf-8e96-99fdffad8b95} 5060 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.2.1283203854\1834313905" -childID 2 -isForBrowser -prefsHandle 2956 -prefMapHandle 2952 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1124 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {312f5c05-8d28-4642-a992-cce569ff24ae} 5060 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.3.2124728165\1278574145" -childID 3 -isForBrowser -prefsHandle 2968 -prefMapHandle 2964 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1124 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {48170307-ac7a-4c14-95a6-acba7be36847} 5060 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.4.1253747832\1530476716" -childID 4 -isForBrowser -prefsHandle 3600 -prefMapHandle 3628 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1124 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {a4025a5c-b93b-4737-ae00-2f0afbcf2711} 5060 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.5.1063139704\1747993651" -childID 5 -isForBrowser -prefsHandle 3776 -prefMapHandle 3780 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1124 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {212e1953-c82c-4723-b5ec-7b589afec6e2} 5060 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.6.1487674980\1356574295" -childID 6 -isForBrowser -prefsHandle 4000 -prefMapHandle 4004 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1124 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {2b65171c-dc7d-4e7e-828e-a30a0b4cbee7} 5060 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="5060.7.2058324548\1122075865" -childID 7 -isForBrowser -prefsHandle 4144 -prefMapHandle 4336 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1124 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {a00882a6-556e-4167-a605-535183c2a2ac} 5060 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI44522\geckodriver.exe --port 50040 --websocket-port 50041

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50041 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFl9kbc

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50041 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFl9kbc

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2268.0.251260746\763817813" -parentBuildID 20240416150000 -prefsHandle 1464 -prefMapHandle 1456 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {dbbb1f22-8344-4088-850b-3490c4afcbd9} 2268 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2268.1.1603927741\131487642" -childID 1 -isForBrowser -prefsHandle 2444 -prefMapHandle 2468 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {33293eee-c921-4117-9a9d-21688332555c} 2268 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2268.2.444027993\1339203121" -childID 2 -isForBrowser -prefsHandle 2944 -prefMapHandle 2940 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {e5850d79-d7a6-48dd-98e9-aaa6e6eebde1} 2268 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2268.3.1605933753\33264136" -childID 3 -isForBrowser -prefsHandle 3048 -prefMapHandle 3012 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {44dbd79e-2b02-4dfb-944f-9383bbc2ad77} 2268 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2268.4.617201057\1379690579" -childID 4 -isForBrowser -prefsHandle 3644 -prefMapHandle 3640 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {ad44af13-d588-4214-9811-38fc4e607b48} 2268 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2268.5.921144153\2091224667" -childID 5 -isForBrowser -prefsHandle 3800 -prefMapHandle 3804 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {614912c6-1d69-45af-9288-a32c143a17b5} 2268 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2268.6.415089340\428110003" -childID 6 -isForBrowser -prefsHandle 4036 -prefMapHandle 4044 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {87f1abeb-58f7-4b2e-b7a8-98f7845e44f9} 2268 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2268.7.1411311491\2140424605" -childID 7 -isForBrowser -prefsHandle 2964 -prefMapHandle 4384 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {bc0f5347-e9b8-4a54-a8fe-667f87761797} 2268 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI44522\geckodriver.exe --port 50040 --websocket-port 50041

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50041 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegqyRk6

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50041 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegqyRk6

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="688.0.2081677406\1452642397" -parentBuildID 20240416150000 -prefsHandle 1492 -prefMapHandle 1480 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {72575920-9fa1-4d03-ad90-c9fa091ad5cc} 688 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="688.1.2102538441\1891514389" -childID 1 -isForBrowser -prefsHandle 2556 -prefMapHandle 2096 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {cbd5badc-88e7-4263-b435-cf6e1a416dc1} 688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="688.2.1282427331\561733098" -childID 2 -isForBrowser -prefsHandle 2944 -prefMapHandle 2940 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {12c469d2-f982-4cab-91ca-9eb87ec94cdc} 688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="688.3.186573220\1244895116" -childID 3 -isForBrowser -prefsHandle 2960 -prefMapHandle 3076 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {b914721d-94b8-479d-bc0f-3e161c8aadc2} 688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="688.4.180614163\1700688064" -childID 4 -isForBrowser -prefsHandle 3656 -prefMapHandle 3652 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {1dd8938d-7ddc-4956-8b50-f2b02e966760} 688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="688.5.1117383902\449646807" -childID 5 -isForBrowser -prefsHandle 3844 -prefMapHandle 3852 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {d537af00-b87a-416b-89df-e079b8d01c28} 688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="688.6.1059866441\1250140167" -childID 6 -isForBrowser -prefsHandle 3908 -prefMapHandle 3912 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {66aa460b-2579-4be9-80e0-6b0eff10bb81} 688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="688.7.1695168286\534571441" -childID 7 -isForBrowser -prefsHandle 4320 -prefMapHandle 4324 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {002b974b-35e0-4053-bad5-60e3ed92d7cf} 688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI44522\geckodriver.exe --port 50040 --websocket-port 50041

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50041 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileweYNwS

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50041 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileweYNwS

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4696.0.1269730071\1716235083" -parentBuildID 20240416150000 -prefsHandle 1480 -prefMapHandle 1456 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {2ddd24ad-4cc5-469b-945b-7ca75a1c6a6d} 4696 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4696.1.2146811722\883313883" -childID 1 -isForBrowser -prefsHandle 2252 -prefMapHandle 2268 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1124 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {619080c6-705f-42a9-8cfb-12ebad2669b7} 4696 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4696.2.1263585937\1412349763" -childID 2 -isForBrowser -prefsHandle 2936 -prefMapHandle 2932 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1124 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {b48c2bb8-651b-436b-b5ab-b3deb1402a53} 4696 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4696.3.682407991\998030179" -childID 3 -isForBrowser -prefsHandle 2940 -prefMapHandle 2944 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1124 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {cce92ccd-cefb-4d95-b354-66a26b241743} 4696 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4696.4.33673086\2037272280" -childID 4 -isForBrowser -prefsHandle 3652 -prefMapHandle 3648 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1124 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {93f3e7b8-4fdf-45b1-81c0-2c112df5f094} 4696 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4696.5.177890596\1144452508" -childID 5 -isForBrowser -prefsHandle 3796 -prefMapHandle 3864 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1124 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {bc1f2323-8b48-4d64-a3b4-e3afb76ec593} 4696 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4696.6.162749896\1679030357" -childID 6 -isForBrowser -prefsHandle 3976 -prefMapHandle 3980 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1124 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {8465e538-365a-4e4c-8ddc-f279dc6912bc} 4696 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4696.7.514736789\551788498" -childID 7 -isForBrowser -prefsHandle 4396 -prefMapHandle 4400 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1124 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {860ac0ab-9984-4237-a826-dad94c5be8d5} 4696 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI44522\geckodriver.exe --port 50040 --websocket-port 50041

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50041 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIlhAxY

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50041 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIlhAxY

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="1196.0.1368107443\2034287192" -parentBuildID 20240416150000 -prefsHandle 1476 -prefMapHandle 1420 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {a5490f7f-925a-4940-bf73-8a98a6a25e29} 1196 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="1196.1.899758057\1261498128" -childID 1 -isForBrowser -prefsHandle 2436 -prefMapHandle 2432 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {a7f12249-cf31-441e-8a39-ebae1ac160a4} 1196 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="1196.2.1697880597\550676777" -childID 2 -isForBrowser -prefsHandle 2932 -prefMapHandle 2928 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {623a0b3a-4258-427f-9d51-6cb3ce883721} 1196 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="1196.3.507638545\1506843753" -childID 3 -isForBrowser -prefsHandle 3032 -prefMapHandle 3020 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {25a8ad10-4370-4f70-9474-d5347fd6b20e} 1196 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="1196.4.1656862434\2004070475" -childID 4 -isForBrowser -prefsHandle 3628 -prefMapHandle 3624 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {4099a1c8-bebe-4c24-a302-bb066a2bebb9} 1196 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="1196.5.1905196934\542683584" -childID 5 -isForBrowser -prefsHandle 3848 -prefMapHandle 3844 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {a8d26ac7-b7a4-4135-abc9-ac8dd3851984} 1196 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="1196.6.112237808\1573212795" -childID 6 -isForBrowser -prefsHandle 3748 -prefMapHandle 3752 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {0d5e075b-a392-4961-83e4-234f7bcd96fc} 1196 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="1196.7.2089486905\474598702" -childID 7 -isForBrowser -prefsHandle 4332 -prefMapHandle 4340 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {7c24de05-50ce-4974-a197-339e9011c62b} 1196 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI44522\geckodriver.exe --port 50040 --websocket-port 50041

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50041 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXxbKBQ

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50041 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXxbKBQ

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4688.0.569080140\905986187" -parentBuildID 20240416150000 -prefsHandle 1488 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {74d9ebbe-b2a3-4320-a5fd-2a55ca43fd93} 4688 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4688.1.141948165\1444700350" -childID 1 -isForBrowser -prefsHandle 2508 -prefMapHandle 2564 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {b2b27105-fa88-4e60-90ac-99df87bad7c2} 4688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4688.2.2113835016\1640350581" -childID 2 -isForBrowser -prefsHandle 3004 -prefMapHandle 3008 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {11af5dd2-02ee-452b-8c1b-17e9c4ab1d24} 4688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4688.3.2035702451\1471959310" -childID 3 -isForBrowser -prefsHandle 3088 -prefMapHandle 2980 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {0394e8fd-21c7-4e79-8c63-6e809c557e2a} 4688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4688.4.2031362238\2135426029" -childID 4 -isForBrowser -prefsHandle 3708 -prefMapHandle 3696 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {a62be892-97ec-4b75-a9ab-9d24ed25ebb6} 4688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4688.5.37272660\404549329" -childID 5 -isForBrowser -prefsHandle 3284 -prefMapHandle 3300 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {9d9e0eda-2fb4-4500-a279-60b23c65870c} 4688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4688.6.462993589\1002629929" -childID 6 -isForBrowser -prefsHandle 4024 -prefMapHandle 4028 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {71519d47-c9cc-4f54-8d1b-ca71c2939835} 4688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4688.7.1673468096\1283693585" -childID 7 -isForBrowser -prefsHandle 4068 -prefMapHandle 4072 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\browser" - {f17ceec0-c6fe-4ca0-b32b-1ac2e122b126} 4688 tab

Network

Files

C:\Users\Admin\AppData\Local\Temp\_MEI44522\python38.dll

\Users\Admin\AppData\Local\Temp\_MEI44522\python38.dll

\Users\Admin\AppData\Local\Temp\_MEI44522\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI44522\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI44522\_lzma.pyd

\Users\Admin\AppData\Local\Temp\_MEI44522\_bz2.pyd

\Users\Admin\AppData\Local\Temp\_MEI44522\libffi-7.dll

\Users\Admin\AppData\Local\Temp\_MEI44522\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI44522\_socket.pyd

\Users\Admin\AppData\Local\Temp\_MEI44522\select.pyd

\Users\Admin\AppData\Local\Temp\_MEI44522\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmplscw9533\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

\Users\Admin\AppData\Local\Temp\_MEI44522\_queue.pyd

\Users\Admin\AppData\Local\Temp\_MEI44522\_ssl.pyd

\Users\Admin\AppData\Local\Temp\_MEI44522\libcrypto-1_1.dll

\Users\Admin\AppData\Local\Temp\_MEI44522\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI44522\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI44522\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI44522\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI44522\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI44522\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI44522\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI44522\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI44522\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI44522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI44522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\tmplscw9533\webdriver-py-profilecopy\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\tmplscw9533\webdriver-py-profilecopy\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI44522\Tor Browser\Browser\firefox.exe

memory/2936-532-0x0000029D005F0000-0x0000029D00600000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJQXrw5\extensions.json

MD5 c1088c776dde5df0f4f6250f86a6185a
SHA1 1e700d97ba35974466a1cc5f91f18a16de018de3
SHA256 a5dde5240f055dadae7413d8d8c4b023b85ebefa2f15812dbf42a781e75949c7
SHA512 d4fea5feea737157d73cef68d3c49fbdaaf848e18ecbe68f80f8100cd257584b9d14530a43c11f80187643ced60d74af40a76098af1a0f21257f972130da0a5d

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 4c17d8aab9d46a4167d874cad4e3a7e3
SHA1 243133d6f00280d4a85c5700c178e5801020a193
SHA256 6cf46d9fa63bb1c4d252204aae09e4f5f5ea0ffe634a1cf7b30272d8a1f334f9
SHA512 2880b24cd4cf54e494bf939e59f2b4180e68f7372a6a55e3c378652df4c1f5d45a443b07c6ea47a7363c939e94c0d57a2eb16462acbd92d232e4a7a218ac4f6a

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 c45271376a43dabf05b8474940f4d65b
SHA1 1289999a70461fd49d559043b983d7258242fa75
SHA256 35621dd1e58b34fbffb75ed6e9ae1e894a165edc72c0a5020a9041cdc91b562b
SHA512 a8432905430ed89914d1462aadad2a860c824c13d129cdbc7aba3e5d828fa2a77d23317dbcb937a93bba7108e36659b58f07aad7a8a40023be5d52fe693e45f3

memory/2936-581-0x0000029CF52A0000-0x0000029CF5410000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJQXrw5\prefs-1.js

MD5 ad29c60f9448603137db5ca1daef3b60
SHA1 db20b0b639fb9387f748e7fda3ed1f8afbd2f861
SHA256 8b2bd3e4720bd4a7bfdcd5365c66c586938fa4fdc0207d7c0ae63dc00d3d96a4
SHA512 ed628b94d39762de022c0b6316b2f5e7587e44a98a3721d11508c5913d79e4033ede4c7e4564f7c6e4c25b0fbb18a6bdd73ced25237583a91ed3a43b588de334

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJQXrw5\prefs-1.js

MD5 37deaeec1c1ed405d1f1738f2062f3f7
SHA1 2b02d34fca6092be97e3d6d7748791b993622e35
SHA256 8c3ebccd1d62aab7f67a48d97cd7014d164e1c454bbf546157fd439d94fb709b
SHA512 2762c2a8c78b08193852160fd27acc3e59b0dc46b1ecb254fba6ee3ad25839218a3fc4e98c57b8bb94142b1a2b59006b1a529bf32e7f94fecfdab5599aadbcb1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile45vvOd\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile45vvOd\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile45vvOd\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile45vvOd\startupCache\webext.sc.lz4

MD5 1b799cc5b6cf681cfa54d37c8ce8cb06
SHA1 2f0fae44eb2fe74542df923e37f0c7e23a74fd17
SHA256 ce654b3257aec215ee980682aa6a48628dac50252a09301efe8686ff3f406a03
SHA512 10263e878623c9375095f150a83e5fe42fb5feccea139e107d37b2337f0c68c4f8a47952247d7e8517876a12dcd696202b8ecdf115577c0e416a489a280451d3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile45vvOd\prefs-1.js

MD5 98263aca0538d7e6ca0069ba910cf52d
SHA1 b42b6691181fe98a3c068bea7ca53bf85225e02e
SHA256 3195d582aa2afb493bbe7c1fd3bf55094d8246896d339f840caa5c5e268dd09a
SHA512 4d230da6745e5136d1d5469cc8a596ede61e29e4a8fd3255ce4c8f7daf68b28f88905601f7f9b147a5b191041fe3adc2b5cd259c12cbcde2494e9bf2e48d087c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile45vvOd\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile45vvOd\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile45vvOd\prefs-1.js

MD5 63d1b125fd6f082925bd06c9c6195c6e
SHA1 bc01260b30cb295ee568f7df17b49d6ce398e01a
SHA256 fe9f8554bbb55ce3e2a3c7c45b59226e802b9cdb5dcb64aaf0fa97ba7f86c0fe
SHA512 9f9eea56c0316e705c5ba6572c96548baa3a4da28b1ee0b6808dce3a538760ce94c43496098a431791dfb47d91a176e926e1fa50d0e59719a2ecca656e07f7f6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile45vvOd\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile45vvOd\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile45vvOd\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFl9kbc\user.js

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFl9kbc\prefs-1.js

MD5 9a7617e6fcc645f5143b9abec2b7336f
SHA1 c844d60759a5e654864a188391f9b5bcd6687bf4
SHA256 0c02937ea1754b3c917aaec407c2dd49b85680911a484c97df53447e38f38381
SHA512 5988ebd7361a4d72053e9c8acbf4559a8a0b7164cdf779cfc131de81f371c86705552cbd56b84ba5779eea1b89e1e8113c68f458f42cdd686acf8e36261a9c74

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFl9kbc\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFl9kbc\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFl9kbc\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFl9kbc\prefs-1.js

MD5 94905b07058d331f2b2f3e5c9ed9e242
SHA1 42ca8c1f7935168f936edf4fe1fc38f69ac58756
SHA256 faf601e21d0ff02a7df03e8e9522874c96604ba84d0c2c05620034586a6eedf6
SHA512 f84fb4231edb5045d8c90b7f41225796952f96fb6e0e58d91c2fc43c90a6c855b0f7be6b23b596c2e050d39033d74b73c03eef747143748154057a0236934210

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegqyRk6\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

memory/688-1361-0x0000017B2C5A0000-0x0000017B2C5B0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegqyRk6\prefs-1.js

MD5 7f68dc61d45f2b81879cb87285750f64
SHA1 73888a1ab7e6bd47e7ff4f261cddfd9b5ee87356
SHA256 638c762b67e36898c390d556174b457e1080adfdf2fa2e63466776278ff95c1a
SHA512 bd1c7014beba4dd7b71a172667f9053ddee567fdf4da9ed88bb1757d379038d4dccc3f08fd8e1994e0507cd323fc1a7194edfbf2f3196f0ed5fab0d265373da3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegqyRk6\prefs-1.js

MD5 9f4a9b67c1ef78ecbdce7a561b031595
SHA1 b01a15295c9e4e78523d6949510a36347633126d
SHA256 1b3c6e4b1d2f1a3bfb12a0e4675414fd6002d1723908f334593330f292fb21be
SHA512 684e8788b4423837f10cfa1412937aac2951b2d216c777216033520528a24cbc011a6fb9cc158c4aea6b19905521836320c2e3962cb7cd81e8fb21ede64c4d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileweYNwS\compatibility.ini

MD5 45b0e81f02447c0ab47a4cfea12a66eb
SHA1 3a34edc1723333127101bcaf97f43dede1a09e1d
SHA256 0801cb7d52d17f4d8cdcaaa724236c2d2305f4a49a2f159015150cce9fae9a34
SHA512 e4eafc57fbd571642010045d9ea38a7f6ce3a2d0ab17a54cebaa4ec89f97be76c48cbd193080367af843aa1e8fc9df8586478e3b19abde9db468d071413b3863

memory/4696-1539-0x000001C94B810000-0x000001C94B820000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileweYNwS\WebDriverBiDiServer.json

MD5 525480f86e467bd41ad500fd525ca413
SHA1 4d9e10e2c4dfe1388a7d31f3fdc6be922da8a2dd
SHA256 fff08780b374ce7a1332627ebf6187a9531d73615c1b62373334158310195ce2
SHA512 78c286e8e5c00516273ed2e8666f03ad1e5e140e04a5facab61d646f2059776bfef4d355e8d2ab9ab2fa32f850c5b8733a85ffa1a8d784e046e6907423dbca56

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileweYNwS\datareporting\glean\db\data.safe.tmp

MD5 7fba44cb533472c1e260d1f28892d86b
SHA1 727dce051fc511e000053952d568f77b538107bb
SHA256 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf
SHA512 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileweYNwS\prefs.js

MD5 9f67805083f7b1c9a45af2685c4da35d
SHA1 6e027374c1b0edc95641db4e7045fda875f4d51e
SHA256 c14c113564c7e55a2f34db1849ada473f5bdbdfe5ef535b523903be7da4ad990
SHA512 e59fcc982e2d0050e1bf2a7d94bca673ad1953d7d1d8799a4637a584095dfad0311cb6796ba3975c2dc7ea400c7c73ce2489f2a55ecd8ed936576de1b661bedf

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileweYNwS\prefs-1.js

MD5 c6e3e8ba3f6126354677a0860f742f9c
SHA1 721137e6b01cbeb7640b8971d0742db66693091f
SHA256 50ff30f2eff205c848c9c25e6374b395cfdf68aca903ae1d9fb44ee8f3661817
SHA512 f5887c4086aff7caf6c38681a466324c61766ee03a7fcece12bf1949ee0e2a4a54813ab3f7ec47a63f8d7989ff6e0a10f9c7e3bc317462508e9d3ba929ed5aeb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileweYNwS\datareporting\glean\db\data.safe.tmp

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileweYNwS\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 e275b869e7da572b48b9a72fab90b159
SHA1 64fc52d945e0365ba5daa3983e6e45848a4c5a74
SHA256 b02d7e2cb2e8e858b189ad412655e6f01d89aba22b2d506d9ff34ec4c691ad00
SHA512 7e65115fe8011a2a53cf00c350b9d5db369d38371245e360c9fac13ef6998d540fd387b0ba4ba7e1ca9b243c6280b6e83aeb1214ac2e4145ccf891846bd6b058

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileweYNwS\prefs-1.js

MD5 91f09ecf5fc74ddb296d09dce289089d
SHA1 5c487c311b7cb79a012039aabd6f855eedc037e2
SHA256 1c25d6496c507a1ff37686fa61810019b12c978fcd84acb293e38b7dd8d93866
SHA512 dde0db125fd075e232a4e28ba5027eb0134c3334dc7ffbd788bf9501b45b7bd9ec0042bdb96b9c72a645f2178e20bea12d5abe6e26804a94bc60cdfd6a1e0197

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileweYNwS\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileweYNwS\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIlhAxY\prefs-1.js

MD5 df6ff4de805256be12ce9285f0bed0c8
SHA1 6e9dd0c8f4ca0da37ac2db78fb2c308f6d8db345
SHA256 735e6ced65b75e7d575c44bf6a17432d1efd02c6f32ac68ca490d28a0370221d
SHA512 e5dea3b04b1683ce799ceb6a428e0b619c2058b7b31d48f6d57a6f39f1169557efd4a109fa500797c07873f2a95e8e5e871363a3a2e182172a43a82675a9f75d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXxbKBQ\prefs-1.js

MD5 7353696755220b1b8248d9f036e5410a
SHA1 0221f30ff83aca6acbf1cad4ddff8fdd49c41be3
SHA256 24fde2a8e5c2286f1e8bd8ed6c1b4366bad2d46b77cccce768a7c23d19a29757
SHA512 33c31f7be208850d934ea99452ff56fc38431442da2b0716049d9bea80f628f5735142b486fcf53be0f278c60c82f25ee67d4d9c6f7aa86ace63b0b10de00abf

memory/4688-2145-0x0000029C70530000-0x0000029C70540000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXxbKBQ\prefs-1.js

MD5 59b629911fb51a92f7f7320e3d3bcc13
SHA1 40b2b4335eae5ceda0a2f4daf981589cc8387570
SHA256 3dca88dcbfe478ade360b13d52f209c77f862c705f8bebdbd3801f628cabe98b
SHA512 f9203628b1e8c3072bb13eaacc216374208daf4aa98ab2bd432ad06d198c3b7657a36e3181a9fa5b6af3688c64b9bf9f8d8062da4adc5b4d003193b92a50dd41