Malware Analysis Report

2025-06-15 20:35

Sample ID 240509-bfgrzscb93
Target heavy.exe
SHA256 88093c75834d60df3b4b6f4df642bb28dc749f4bd562f587fa8f9e30e97d3c5c
Tags pyinstaller evasion trojan
Score 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file heavy.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller evasion trojan

Executes dropped EXE

Loads dropped DLL

Checks whether UAC is enabled

Unsigned PE

Enumerates physical storage devices

Detects Pyinstaller

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-09 01:06

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-09 01:05
Reported: 2024-05-09 01:16
Platform: win10v2004-20240226-en
Max time kernel: 311s
Max time network: 341s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50362\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5036 wrote to memory of 4276 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 4276 wrote to memory of 4660 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4276 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4660 wrote to memory of 4192 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4276 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI50362\geckodriver.exe
PID 772 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50362\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe
PID 3700 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe
PID 5076 wrote to memory of 3636 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5016 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI50362\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI50362\geckodriver.exe --port 50111 --websocket-port 50112

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50112 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilez9Oh1u

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50112 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilez9Oh1u

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="5076.0.1778260501\1450782222" -parentBuildID 20240416150000 -prefsHandle 1720 -prefMapHandle 1696 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {b5e1b1ae-af11-4846-b820-43176919e365} 5076 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="5076.1.967639615\520849681" -childID 1 -isForBrowser -prefsHandle 2716 -prefMapHandle 2712 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1336 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {46e61f4f-ea20-46ea-80ef-334cb2f1afc7} 5076 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="5076.2.1335355550\228112429" -childID 2 -isForBrowser -prefsHandle 3268 -prefMapHandle 3264 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1336 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {bbdd2752-ed8c-47a3-b074-8c1f2d984662} 5076 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="5076.3.365963105\1244103423" -childID 3 -isForBrowser -prefsHandle 3448 -prefMapHandle 3452 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1336 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {ab8d4263-897a-40d8-90f4-0b6937eec937} 5076 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="5076.4.2106319955\1190765768" -childID 4 -isForBrowser -prefsHandle 3804 -prefMapHandle 3808 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1336 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {e616fca9-323a-4234-894a-160d3dce21c5} 5076 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="5076.5.2045481072\897434575" -childID 5 -isForBrowser -prefsHandle 4008 -prefMapHandle 4012 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1336 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {2afffd23-8281-4cf8-a7d0-4bdc7f7ab8e4} 5076 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="5076.6.1372085621\1356181738" -childID 6 -isForBrowser -prefsHandle 4208 -prefMapHandle 4212 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1336 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {f558e326-cad3-460c-8023-51348cc0ab06} 5076 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI50362\geckodriver.exe --port 50111 --websocket-port 50112

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50112 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler2Wqbo

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50112 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler2Wqbo

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="5320.0.1300060937\1105503300" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {1d3bf431-0d71-4b1c-a5fd-956f25938de1} 5320 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="5320.1.907700909\675094201" -childID 1 -isForBrowser -prefsHandle 2688 -prefMapHandle 2684 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {69e1f854-9d15-41b8-868f-bbbb3a9727f4} 5320 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="5320.2.921911189\1455107552" -childID 2 -isForBrowser -prefsHandle 3204 -prefMapHandle 3200 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {470b2897-beff-4f57-b182-c74b59ccd700} 5320 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="5320.3.172605399\1747826314" -childID 3 -isForBrowser -prefsHandle 3284 -prefMapHandle 3288 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {16178792-d7dd-4d50-abdc-9616d19602fd} 5320 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="5320.4.1762630829\661159367" -childID 4 -isForBrowser -prefsHandle 3976 -prefMapHandle 3952 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {0c2227b3-7e86-4e06-90d9-30a0c093acf7} 5320 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="5320.5.1472260105\928133273" -childID 5 -isForBrowser -prefsHandle 4132 -prefMapHandle 4136 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {61235614-2b89-48dc-8c1d-3010b77191a4} 5320 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="5320.6.1882554296\1265586048" -childID 6 -isForBrowser -prefsHandle 4324 -prefMapHandle 4120 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {531f0c92-fbe1-4321-98a9-60c4fc4890cd} 5320 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="5320.7.1933116424\1413313705" -childID 7 -isForBrowser -prefsHandle 4756 -prefMapHandle 4760 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {9d9de6c7-d743-4048-930e-f1e91b4ed9b4} 5320 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="5320.8.370720855\469424504" -childID 8 -isForBrowser -prefsHandle 2620 -prefMapHandle 3896 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {3fa944db-7663-499a-ad74-fee40b67ff99} 5320 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI50362\geckodriver.exe --port 50111 --websocket-port 50112

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50112 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWmMclV

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50112 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWmMclV

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="568.0.1750815177\1764396258" -parentBuildID 20240416150000 -prefsHandle 1664 -prefMapHandle 1656 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {701a0490-fd93-487d-afd1-0d1c9cce9ddf} 568 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="568.1.1355227019\298425956" -childID 1 -isForBrowser -prefsHandle 2464 -prefMapHandle 2452 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {e71953ab-a796-4268-8da2-5afa1898dc24} 568 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="568.2.40522600\1915384334" -childID 2 -isForBrowser -prefsHandle 3240 -prefMapHandle 3236 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {6fedf79f-b68a-421d-b69f-081af4c2e30e} 568 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="568.3.2005560977\87477160" -childID 3 -isForBrowser -prefsHandle 3352 -prefMapHandle 3340 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {74dbcbe6-c399-473e-b802-e2aafc2becc5} 568 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="568.4.1861278524\621491880" -childID 4 -isForBrowser -prefsHandle 3872 -prefMapHandle 3868 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {91f668c8-b6aa-4849-b10f-70307fe15d07} 568 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="568.5.732201117\15820391" -childID 5 -isForBrowser -prefsHandle 4080 -prefMapHandle 4076 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {a3cda3c8-8d3d-45a6-8a49-0f862534b551} 568 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="568.6.1229367133\71179380" -childID 6 -isForBrowser -prefsHandle 4196 -prefMapHandle 4200 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {b43b0122-823f-4773-b6f8-b99a4229f8ce} 568 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="568.7.1869998554\359101065" -childID 7 -isForBrowser -prefsHandle 4620 -prefMapHandle 4624 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {b4687e13-6c65-4d65-a385-83670f0ef0b3} 568 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="568.8.1498826079\690522809" -parentBuildID 20240416150000 -prefsHandle 4196 -prefMapHandle 4624 -prefsLen 27362 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {33304e77-af2b-430a-a2f4-77d6d52f7033} 568 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI50362\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI50362\geckodriver.exe --port 50111 --websocket-port 50112

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50112 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileD3P3RK

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50112 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileD3P3RK

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="6068.0.1392121757\961804689" -parentBuildID 20240416150000 -prefsHandle 1668 -prefMapHandle 1660 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {c1ec9240-0f16-4515-a3b2-ee3fe0cc07be} 6068 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="6068.1.734062295\1670466459" -childID 1 -isForBrowser -prefsHandle 2388 -prefMapHandle 2532 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {df9c674f-6970-4748-9b41-d3ebcf863d8a} 6068 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="6068.2.1499572783\1632960436" -childID 2 -isForBrowser -prefsHandle 3188 -prefMapHandle 3184 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {9c886fdb-a96e-42b3-ac7c-cd0a6657a0ca} 6068 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="6068.3.510513497\38036414" -childID 3 -isForBrowser -prefsHandle 3304 -prefMapHandle 3288 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {453e76f0-4d87-44e0-8d8f-5e84aa806de3} 6068 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="6068.4.504611280\128415816" -childID 4 -isForBrowser -prefsHandle 3760 -prefMapHandle 3908 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {d7833fce-6941-4d78-ada1-dad39481d510} 6068 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="6068.5.345750716\76310022" -childID 5 -isForBrowser -prefsHandle 3304 -prefMapHandle 3220 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {bf1d6f1d-6b02-4ca6-9aea-a800d6ce5021} 6068 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="6068.6.323495014\565907673" -childID 6 -isForBrowser -prefsHandle 4200 -prefMapHandle 4204 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {c6abd47e-8ca8-46b8-909a-6f345bbce127} 6068 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="6068.7.1586755845\165178895" -childID 7 -isForBrowser -prefsHandle 4172 -prefMapHandle 4368 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {5955ae4f-3cbe-42c2-b6cd-af9a0947facf} 6068 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI50362\geckodriver.exe --port 50111 --websocket-port 50112

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50112 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRNB8xj

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50112 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRNB8xj

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1872.0.2144569001\627459990" -parentBuildID 20240416150000 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {063c2231-54be-4af7-9919-a2a491f7cd79} 1872 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1872.1.1048991612\1206727721" -childID 1 -isForBrowser -prefsHandle 2612 -prefMapHandle 936 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {cc3752c3-b950-4dd9-baf9-da26d4a6a1d6} 1872 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1872.2.180760171\100793086" -childID 2 -isForBrowser -prefsHandle 3196 -prefMapHandle 3192 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {8924c629-494a-4623-8ab8-f27373c2fa51} 1872 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1872.3.1942473657\2099601488" -childID 3 -isForBrowser -prefsHandle 3324 -prefMapHandle 3280 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {e6915e53-200f-4aae-a71d-49757479d996} 1872 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1872.4.1442553683\1403391237" -childID 4 -isForBrowser -prefsHandle 3688 -prefMapHandle 3684 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {eed36407-823f-4d78-bc56-bcc994ebbfd3} 1872 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1872.5.1903148612\1898247784" -childID 5 -isForBrowser -prefsHandle 3824 -prefMapHandle 3828 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {4e097244-9cf6-476c-bc91-e430d606d531} 1872 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1872.6.1449643991\1468977503" -childID 6 -isForBrowser -prefsHandle 4000 -prefMapHandle 4004 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {c9c3e361-6238-4e71-8140-2e126d9648d5} 1872 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1872.7.1868414755\1839880190" -childID 7 -isForBrowser -prefsHandle 4520 -prefMapHandle 4512 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {601c97c3-430a-4d8b-9acb-486ee94c9395} 1872 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1872.8.1721821551\286472446" -parentBuildID 20240416150000 -prefsHandle 4968 -prefMapHandle 4964 -prefsLen 27513 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {a863a3c0-3a49-4016-bf17-81c7d9231bcf} 1872 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1872.9.418368489\1406476751" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 4572 -prefMapHandle 4972 -prefsLen 27513 -prefMapSize 245849 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\browser" - {a8e4a73e-10a5-47d3-b9ab-56f0c8906577} 1872 utility

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\_MEI50362\python38.dll


C:\Users\Admin\AppData\Local\Temp\_MEI50362\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI50362\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI50362\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI50362\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI50362\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI50362\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI50362\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI50362\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI50362\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI50362\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI50362\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI50362\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI50362\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI50362\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI50362\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI50362\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI50362\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI50362\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI50362\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI50362\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI50362\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\tmpwe836ox8\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI50362\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 d262b8dc568b34fa0a37e37335db737a
SHA1 477338dfa2a841eaadcdeadb210ed0e9e419241f
SHA256 b11b2168de48ecb6a5daec15e1d8eebc52fa4597d174d3a55a930466f665b0ed
SHA512 ae2b0b4477d7d61c2ccbc948041e79407a140919da3dae63486e47b30ed9c041519bd3ce3cee62bc3c2ed780650abb8c54002c4197c6611af512f39da8e56f64

memory/4036-498-0x00007FF98EAB0000-0x00007FF98EAB1000-memory.dmp

memory/4036-497-0x00007FF98F420000-0x00007FF98F421000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilez9Oh1u\addonStartup.json.lz4

MD5 992cfbd29142a4cd9a93f522ab2d3a33
SHA1 d4954e866fcf5e7aacdeaa8bc471de32035b298e
SHA256 7d46dfc2b0d01ad0abf74bb6175655e5caa244b30889a5a55b77272b07b2df7b
SHA512 ad69d2c3f7820b0de4ee0fba9a73b57b6a5c298be0eddac3e2d42365ab3eea328c6bb7df8c09f07caa56faa507247c6418153ebc53a70b63a54e03687c7c166d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilez9Oh1u\extensions.json

MD5 2892d8c6832e080856f44da11d644a74
SHA1 9776fd8127826c001e5c7531ed63e158be91d888
SHA256 98db0b6da5fda1acc0ae542d4799ccb4618828d0bfd7212046ef689ff9b6f34f
SHA512 50b6ccbb8d6e167f32a8e1fa0344ef0a137fb9e7514703b446648aac6da1ec9f5dd2ea7fa473850a4d540e2c59824f36c3bf4987123a91b6452263e5521f7171

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilez9Oh1u\prefs-1.js

MD5 eb838c30b9dcc772e9458761875a845a
SHA1 0ce91abf224bf019811ee4c914fbb2924ffc477a
SHA256 3d857f077d1829ce77ad87776b55b78df2fe4281f8e9aaeb8dcf97ff9ad43fee
SHA512 b61b08b96118d0e252f4e4fda873eaf53634551b597e78adc2d33657a7f2538308a06f548e609e4e6717c6a9cb9b499c6a4700c25d32b2f5dcc6755c04e5bdcc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilez9Oh1u\prefs-1.js

MD5 87ab6e190365ee13aabfd5224452faa5
SHA1 425afd91d414d78bad6d1e3305024953291f608c
SHA256 5d4d080c7d58b71152a5825f43d2cbd802c9adb39751105f1167775b257b1d78
SHA512 cd2e70967085cdf8cf54c8fb7496c261912239c6c15fff11d08ded0ca1e3c2ab35e7ecca88a9485937259f875d4fc7705cd3999e05b58a6876b398de915453d2

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 fec3f544e9b19f18766d25348b1c17b5
SHA1 42970347b9e88b570b3bc76733fe1f6cd4e70762
SHA256 7d29fded71a658ac871eb401464c1a94b6d1b0dcf40f5018b316b21022311c69
SHA512 d504eb14149697f301df699fcb352698ecb67f90f685f132afcb410b1b75199320c605adbd5bde1af0fd035b8df2d18055a3a643d268ff2ae4b53461182329eb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler2Wqbo\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler2Wqbo\prefs-1.js

MD5 fb83ebd905dbd60fbea0de2139cf8eb2
SHA1 246300f94afd58cb5cbd765fa37eed4b2addedad
SHA256 f53ae1352f5ae4c5ed0fdbe8ae1fd7143ba8794f341795f2f86074b88d8d2684
SHA512 2a8b5a746c85cffc6bdcbcbe2c950b893278cadb3d245d29b3b49caca8f41d90cdbb67f80aa7d9ec60ab5541c21afa01245c30f7b85b889b3a95e9948a3634ae

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler2Wqbo\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler2Wqbo\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler2Wqbo\startupCache\webext.sc.lz4

MD5 800116705858fda0af410ee0346d40b2
SHA1 7225798ae9b8150ab1e88ef9842838aa491de71c
SHA256 99f723a8969844b2dfaf09c579b37a25589505c47eb96465281e59f3ac3c92f1
SHA512 890d62431a0634179377c17d0a1ff81fd7df2660f6e7c3ffc8323315ea3b5c3942aeff8d47a38699f90658636b0df564981d73e9d2741125428f3e67fb328b30

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler2Wqbo\prefs.js

MD5 8bd35c390078d60826f6def4a5102a39
SHA1 623cf4c201e061fd540dc71352e5edc8a83d7011
SHA256 f6872103cfeebce14f6c386b24d3b33227cd6b29e7cf17f2237953b831742945
SHA512 064ca3691c1e43b0a8f08aca63f6b7ddba5a0821e560e08176a3584bc841a877fc21813cdd943dc52d710d4ec4b1c24b668560ed35f87464285d5405262ba4c0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler2Wqbo\prefs-1.js

MD5 a041cca101e4385be794bf1a4166a7fd
SHA1 dc8a3be1ef8f1f0014324c863258a00aa7a1af38
SHA256 b33c9259ae9af407e4545f02b35470c8123a9d39dcd482239d0c07bde081057c
SHA512 48b14b04715078062264f56f38d0b729f4bcc0b25cb9c8f9a069ed4578105bf7dccfd4f475c143a3ad515d8b69737d6f7842b1999a10ecf4ebf1acc3ca04ac97

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler2Wqbo\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler2Wqbo\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler2Wqbo\prefs-1.js

MD5 92dde1fdcb7302e691c20e954f29d9eb
SHA1 f372708025fbfe2eda506c5ff067d74801733993
SHA256 1a09ded0dc5c63605976b26c5147cf35b4f5e1d3ed4f3ff44cee0307be548943
SHA512 6b860a527d799d379e57367ad47d54e588f738deb25f086d3488abd6fa0a2e10c10abca6c762ac6d6f06064083ff29de08f4ee8f0c343ec92a2d67d24b97c775

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler2Wqbo\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler2Wqbo\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler2Wqbo\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler2Wqbo\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler2Wqbo\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWmMclV\user.js

MD5 cb0ab359b48bc3bf5a5e6d7dfcbaac1f
SHA1 c956a4c19b5ae077d912a2521357347598e6eff7
SHA256 595d734aac30b533bd005effa9eddb1c04fa715f8cb547ecc0ad6f7297ae859e
SHA512 289c6755d21b4b68cf89448da12d33d9fc291e872ff85c4d09c0ad818e60ae47ef4daed60774f67e03ebffa67ef61dcb97a78a0869c1b329bf04b1c5075e0505

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWmMclV\prefs-1.js

MD5 62832f23c8aa1d401e5ce04e1d179121
SHA1 623ee60774aa30e06b146a8f13bc6e92fc89a50d
SHA256 34fb51016ae1e84e32c7ce4c4cc220d97590e05bf3f1d21fd6389cb3a90ad284
SHA512 fcbca36473ec9ee5135f654d00830aebe81e0c4cd0a35a0b0869791ca5ca1b92f36ff97cb0fbcaa635f9af3d83c37676998a99ef1d513e99e816dc296a84d907

memory/568-1221-0x0000024C93A20000-0x0000024C93A30000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWmMclV\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWmMclV\prefs.js

MD5 f137487d7b078ba27398cbdf6bab585f
SHA1 d8bc7370224004ffc7c839be21847567a16b7b43
SHA256 6eae7eac989ee317d012209e008b65aebb258c04134240a67f6c682d5ec8ca37
SHA512 a1563f46cb403baa33a480fb7fb82bca3c719bf1d08113069f755fef14ab6db898e8d4cdf4671f4e86348952c5c630899a9321c3fdccbcde1f59217efa7e543b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWmMclV\prefs-1.js

MD5 2cf2ac703345b33520c14bffe9971776
SHA1 df690140a2d83d3cdf5836bed7c719aa7437a9e8
SHA256 eb6c360b228470178e5278ddd66640b68c6aa0c4b5738dbc5a281bd6eadfead7
SHA512 b94e3e3b97c17a9842a0d9b849c1eb6669396fe6dd11c51e104d56b3e5fd5a663631119da4c4abf95fdd9fb2b42b7850ef2a66aadcfec8e78220302f9060a8e4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWmMclV\prefs-1.js

MD5 b65ab9a78312445fb36d7a239ae9d44e
SHA1 65bff0ff8e9018e2f37bc49cb8873a19e382d455
SHA256 63db1aef1f9dc6034682b16875dc5abb219568a8c5724404c1d1ed3409c384a6
SHA512 bedf4c5626df4a210e9177354716a8c3da5d6202b9bbd21a4f7c164540ce5396d408c1a345f27ad63d1aa7d19f14ffca963ff1c8ea88c6a1f5a78ee97c183ea0

memory/6068-1548-0x00000298A4D70000-0x00000298A4D80000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileD3P3RK\prefs.js

MD5 c2b32179f1d9f76a0f86a3baef151787
SHA1 1e0246e1d22e0b37dcf8a200686200e3ed2cb4e4
SHA256 915e34c363da1058df474e96de03a8b9e257dcc018a5061dfe1e434a261e2b03
SHA512 11ec99d45ed09050839cc826c73f42f64cc0faab0fb9b94af7c780fd518e7e2d52e63ce59c14bff1783a34d7d5989d2d0b781cde4cf565ea58d0b837863e9828

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileD3P3RK\prefs-1.js

MD5 b68b9bae7b732aff6190d1c748c2e4c9
SHA1 6149d4f63fe2b0f0dffcc8f59cdf683879d405dd
SHA256 99d01de7b285cbca9f009b18dd67c6373f2d1f39d1488ade569bd9511367dc09
SHA512 ff982cfa98b63ff5f082f3941f6314d34af26e2ad6827a9d1cf4a51706e718fb14489cb4b44f0fe208f1eedfa4e7a776e5f0f1f2e20c283043057106460ecedc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileD3P3RK\prefs-1.js

MD5 4a75a40e09306231eb2e1a9d1a395993
SHA1 66d9b2f4d232e22fb680d47da66880d6a7e105ca
SHA256 ed495d1f52956d966ae7e580c172158c09e89e6afd01fc3ff7dcce250a7c9527
SHA512 4b4926c666466ef2ada25c09c425f5d1dff107976de4ed712f853ab12da5369b4ab6baed71f095c512ed13aba6e8b6a25f1de5e8bdc45180b3583489a5fc9584

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileD3P3RK\prefs-1.js

MD5 00b4b2161f8edcc39a8e62984f3d8837
SHA1 2bb69369ad67f2e22bd4d3f6ee3b53e1a91cf272
SHA256 c1c50a992b861a20933cccb043ce9011efd6a774aafc35d55db3b3f4004106a8
SHA512 d90214e2e64e634b73e8d51c937de12416eb7c4c7310e457aba3fe8cb7d052ad9d7eef1406d4fd66dad8e13704824ea7cf55892ab47d3079a2a3e338c1094675

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRNB8xj\compatibility.ini

MD5 b98780ea7b5f3f8d37f243e09a240856
SHA1 6af548e84ed4a3921ed43c61899185eba19d0060
SHA256 4014bc6fb4abeb320d459368da2b2873eb8f11bc17b0f87386bc199ff42e8a56
SHA512 4acd4ebc16eb58ae808866936c862f7c2d96694b11bf15e4a1e4261cbc16145833bf6c364cc231ae6b83fd8e01114f3c4f1d97d52dc9a467201168ab970ddb80

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRNB8xj\WebDriverBiDiServer.json

MD5 772a0157009197b1efae6297ae068ca9
SHA1 538230fb33444c1393101551d79c6e9098041a9e
SHA256 265af325735f2b8e5e6c8c4d8cb7525fd341db158e2eac08d42ed7118a69bf00
SHA512 d4c090ef9d171ac194812f55e6a067bb34f03a07af6a5d5db8c20520a1bc30c0ff4423f838a873d32747cf5f03681781879f54634ae279c949f2ddb4f7b7829d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRNB8xj\prefs-1.js

MD5 ec8fcdb62df8aeef82ace81590b36f5b
SHA1 0dd52c3123ce75d33892de55d27a21dab9ac8290
SHA256 061413085d6dde3a57f41badaeefc93a5358ac5bd181e4b8e4e9913fcccee5a0
SHA512 1cdd461b9257369f1951bd8aecbd0538635ebf0de4fe0e3921a0d901b1eab67c2d8f01d27df8d7a8726976ec61967b8985f4e4ac2fc1a8482d8336da597fd6e0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRNB8xj\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 b7e210b04d5995ddfebcd6cdc5cda054
SHA1 b68f710b209b0c046a15718ca997ea849c4919d2
SHA256 e5b7fb54a5cd38cd92307bfd3c1625c1d3630193345ab946b79c339d0718f5be
SHA512 c8be689a51c02abb4ddbee7fb44d3a94d4ee795a50a26b772b816f9edb5c191298fc91c95cb7669c57a1769ec0eeb0af7786bb270ea6500acf844f89c96ec6de

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRNB8xj\prefs-1.js

MD5 78b7dd4f3798648c562090f39ff7f9af
SHA1 a127f583b1fa9675c01a14d1bb88a39b005ec427
SHA256 cb54fd1e2e8ca2662053f66f6cc397c107a29fa0c03386e12ad18297f5c7dbab
SHA512 e3182ded856eadcc830a917d2d8be3e8d1bc65286061d78703889bc0b57fc8d242719e7400003b86ddc6fcee53ce97b1a12604c1b86d6fe304b63ff0fc6d9fb4

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 01:05

Reported

2024-05-09 01:15

Platform

win10-20240404-en

Max time kernel

301s

Max time network

309s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI7722\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 772 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 4380 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4380 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4620 wrote to memory of 1316 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4380 wrote to memory of 4820 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI7722\geckodriver.exe
PID 4820 wrote to memory of 4784 N/A C:\Users\Admin\AppData\Local\Temp\_MEI7722\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe
PID 4784 wrote to memory of 3484 N/A C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe
PID 3484 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI7722\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI7722\geckodriver.exe --port 50046 --websocket-port 50047

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaSC5WS

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaSC5WS

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3484.0.1838630671\1776721613" -parentBuildID 20240416150000 -prefsHandle 1464 -prefMapHandle 1440 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {30b1f472-1062-400f-a69a-6f8003fdf0c8} 3484 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3484.1.1175635903\355484129" -childID 1 -isForBrowser -prefsHandle 2716 -prefMapHandle 2712 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {a7614093-cd95-41ec-a9e3-c06140f57f5e} 3484 tab

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3484.2.1046755296\1031881873" -childID 2 -isForBrowser -prefsHandle 3168 -prefMapHandle 3164 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {85aa6cf8-c546-4846-a837-864852666733} 3484 tab

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3484.3.2059518932\1415832484" -childID 3 -isForBrowser -prefsHandle 3576 -prefMapHandle 3572 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {5c518a11-c5c0-4e64-8941-d2cd0c605317} 3484 tab

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3484.4.540217003\935395051" -childID 4 -isForBrowser -prefsHandle 2916 -prefMapHandle 2980 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {51173f9d-e22a-48e9-8807-e8ac56c7114c} 3484 tab

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3484.5.68487866\1986794340" -childID 5 -isForBrowser -prefsHandle 3764 -prefMapHandle 3768 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {5a591937-ae15-4275-8953-d3ee097ec713} 3484 tab

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3484.6.502433399\1259715808" -childID 6 -isForBrowser -prefsHandle 3980 -prefMapHandle 3984 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {3412101e-2fec-4562-b410-bab2df9c582d} 3484 tab

C:\Users\Admin\AppData\Local\Temp\_MEI7722\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI7722\geckodriver.exe --port 50046 --websocket-port 50047

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehOBkuU

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehOBkuU

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="2620.0.1708645907\2116230569" -parentBuildID 20240416150000 -prefsHandle 1496 -prefMapHandle 1472 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {5b8b8089-09fd-4132-95d2-95d9f10568c3} 2620 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="2620.1.1303849208\2058712268" -childID 1 -isForBrowser -prefsHandle 2480 -prefMapHandle 2436 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {8911c190-033c-410f-b8da-5781803523d6} 2620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="2620.2.1233405156\1685538701" -childID 2 -isForBrowser -prefsHandle 2928 -prefMapHandle 2924 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {290a0aac-9ec0-425e-aa07-6c1b8452a72c} 2620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="2620.3.1696627915\432054515" -childID 3 -isForBrowser -prefsHandle 2960 -prefMapHandle 2944 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {030a8225-efcf-4e29-a5f0-d2c7dc3e90d6} 2620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="2620.4.590278683\1588886238" -childID 4 -isForBrowser -prefsHandle 1380 -prefMapHandle 3220 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {81fb5a08-c9a5-4f33-bdb6-92106caf4ad6} 2620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="2620.5.192805145\1399399988" -childID 5 -isForBrowser -prefsHandle 3716 -prefMapHandle 3720 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {1a64bb3b-4780-4394-9b2d-f6fe980dde78} 2620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="2620.6.1538230943\1822838631" -childID 6 -isForBrowser -prefsHandle 3892 -prefMapHandle 3896 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {f2179a09-86b6-4ed5-8d77-a8a0dd45401e} 2620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI7722\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI7722\geckodriver.exe --port 50046 --websocket-port 50047

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilete17v7

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilete17v7

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4132.0.956401555\1353654999" -parentBuildID 20240416150000 -prefsHandle 1512 -prefMapHandle 1500 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {7f9cf37d-a499-4342-b6ec-68285a498a77} 4132 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4132.1.308995797\396001122" -childID 1 -isForBrowser -prefsHandle 2192 -prefMapHandle 2472 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1020 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {df7d31ac-dd23-4395-9527-28b38ad84095} 4132 tab

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4132.2.1499266554\762215121" -childID 2 -isForBrowser -prefsHandle 2996 -prefMapHandle 2992 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1020 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {4d315279-713c-4245-a2be-652103ed39ac} 4132 tab

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4132.3.352385257\2043809569" -childID 3 -isForBrowser -prefsHandle 3532 -prefMapHandle 3512 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1020 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {0c5299f3-b298-4d5b-86c2-4ae5b57ebe47} 4132 tab

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4132.4.896310764\68694108" -childID 4 -isForBrowser -prefsHandle 3572 -prefMapHandle 3568 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1020 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {07d7b5b5-3304-4c65-b316-94a5a7759997} 4132 tab

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4132.5.1965655029\1381455649" -childID 5 -isForBrowser -prefsHandle 3708 -prefMapHandle 3712 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1020 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {a6e23aec-24a8-477d-b700-22fbd0a2fa11} 4132 tab

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="4132.6.1812996462\763395365" -childID 6 -isForBrowser -prefsHandle 3840 -prefMapHandle 3844 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1020 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {aa044222-d95b-49d2-9636-278569adaf32} 4132 tab

C:\Users\Admin\AppData\Local\Temp\_MEI7722\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI7722\geckodriver.exe --port 50046 --websocket-port 50047

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5UYHvF

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50047 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5UYHvF

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3340.0.2074986143\1328348768" -parentBuildID 20240416150000 -prefsHandle 1496 -prefMapHandle 1488 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {ac63adf9-bd5e-4add-abbf-c52bd0eb1582} 3340 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3340.1.1042410057\1379211917" -childID 1 -isForBrowser -prefsHandle 2528 -prefMapHandle 2296 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {8446301a-2066-41fd-824c-cd1f772e4a39} 3340 tab

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3340.2.1437569432\1660564458" -childID 2 -isForBrowser -prefsHandle 2676 -prefMapHandle 2120 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {2249b2fa-3e88-464f-9110-cc46229d8c00} 3340 tab

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3340.3.671237132\663514836" -childID 3 -isForBrowser -prefsHandle 3500 -prefMapHandle 3504 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {67ee22e0-ddc6-4e0a-bd33-97be21c4180c} 3340 tab

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3340.4.949326956\1047488503" -childID 4 -isForBrowser -prefsHandle 3772 -prefMapHandle 3768 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {58014c7b-60a7-4284-8dcc-b5bfc187fe31} 3340 tab

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3340.5.2044321801\361729096" -childID 5 -isForBrowser -prefsHandle 3788 -prefMapHandle 3784 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {b868c80f-d70e-4c24-906d-aab4d91bdd07} 3340 tab

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe" -contentproc --channel="3340.6.681882793\2037569542" -childID 6 -isForBrowser -prefsHandle 3892 -prefMapHandle 3896 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\browser" - {455d7b3f-a9fb-4a37-8b2b-0f61eda8d791} 3340 tab

Network


Files

C:\Users\Admin\AppData\Local\Temp\_MEI7722\python38.dll

\Users\Admin\AppData\Local\Temp\_MEI7722\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI7722\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI7722\_ctypes.pyd

\Users\Admin\AppData\Local\Temp\_MEI7722\libffi-7.dll

\Users\Admin\AppData\Local\Temp\_MEI7722\_bz2.pyd

\Users\Admin\AppData\Local\Temp\_MEI7722\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI7722\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI7722\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI7722\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI7722\_queue.pyd

\Users\Admin\AppData\Local\Temp\_MEI7722\_hashlib.pyd

\Users\Admin\AppData\Local\Temp\_MEI7722\libcrypto-1_1.dll

\Users\Admin\AppData\Local\Temp\_MEI7722\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI7722\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI7722\top-1m.csv

\Users\Admin\AppData\Local\Temp\_MEI7722\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI7722\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmp8lh9k51g\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI7722\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI7722\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI7722\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI7722\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI7722\Tor Browser\Browser\firefox.exe

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaSC5WS\extensions.json

memory/3484-550-0x0000024082050000-0x0000024082060000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaSC5WS\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaSC5WS\prefs-1.js

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaSC5WS\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehOBkuU\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehOBkuU\sessionCheckpoints.json

memory/2620-813-0x000001C5871E0000-0x000001C5871F0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehOBkuU\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehOBkuU\startupCache\webext.sc.lz4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehOBkuU\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehOBkuU\broadcast-listeners.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehOBkuU\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehOBkuU\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehOBkuU\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehOBkuU\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehOBkuU\xulstore.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehOBkuU\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilete17v7\user.js

memory/4132-1067-0x00000248D6880000-0x00000248D6890000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilete17v7\startupCache\scriptCache-child-new.bin

memory/4132-1099-0x00000248CB2A0000-0x00000248CB410000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilete17v7\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilete17v7\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5UYHvF\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5UYHvF\datareporting\glean\db\data.safe.tmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-09 01:05

Reported

2024-05-09 01:14

Platform

win7-20231129-en

Max time kernel

280s

Max time network

309s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2956 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 2956 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 2956 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 2456 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2456 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2456 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2456 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2456 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2456 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2444 wrote to memory of 496 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2444 wrote to memory of 496 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2444 wrote to memory of 496 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2456 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\geckodriver.exe
PID 2456 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\geckodriver.exe
PID 2456 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\geckodriver.exe
PID 3024 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 3024 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 2924 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 2924 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 2924 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 2924 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 2924 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 2924 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 2924 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 2924 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 2924 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 2924 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 2924 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 2924 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI29562\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI29562\geckodriver.exe --port 49452 --websocket-port 49453

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49453 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiles4MXRe

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49453 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiles4MXRe

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" -contentproc --channel="3056.0.737088555\1143698337" -parentBuildID 20240416150000 -prefsHandle 1208 -prefMapHandle 1200 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\browser" - {02c025af-661d-4244-8035-da23596cbe79} 3056 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" -contentproc --channel="3056.1.1822558739\593628449" -childID 1 -isForBrowser -prefsHandle 1912 -prefMapHandle 1800 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\browser" - {8c66ee2c-fadd-49c5-962b-228bdd72d7f3} 3056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" -contentproc --channel="3056.2.258702085\2136043780" -childID 2 -isForBrowser -prefsHandle 2236 -prefMapHandle 2164 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\browser" - {004835d7-6bfd-45fe-80ea-d560a42917c9} 3056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" -contentproc --channel="3056.3.1278157330\1944701427" -childID 3 -isForBrowser -prefsHandle 2272 -prefMapHandle 2388 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\browser" - {ed243d68-fad5-47f5-9a0d-ba3475638fd8} 3056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" -contentproc --channel="3056.4.1679860313\604570826" -childID 4 -isForBrowser -prefsHandle 2752 -prefMapHandle 2748 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\browser" - {9306265c-8388-4293-8bd9-8816166ffc6d} 3056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" -contentproc --channel="3056.5.1531246279\1675939578" -childID 5 -isForBrowser -prefsHandle 2872 -prefMapHandle 2876 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\browser" - {fc301254-f40e-4d18-8be6-6cd730fd7b47} 3056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" -contentproc --channel="3056.6.1207100799\1265912935" -childID 6 -isForBrowser -prefsHandle 3024 -prefMapHandle 3028 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\browser" - {77bebb9f-8f25-46b2-9e81-c74e3e23b429} 3056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" -contentproc --channel="3056.7.513656212\1539885712" -childID 7 -isForBrowser -prefsHandle 3192 -prefMapHandle 2032 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\browser" - {3d7580a2-0936-4e25-913c-5f427f5f5397} 3056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29562\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI29562\geckodriver.exe --port 49452 --websocket-port 49453

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49453 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBlH1A

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49453 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBlH1A

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" -contentproc --channel="616.0.1472398142\1666123078" -parentBuildID 20240416150000 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\browser" - {49190533-de43-4af9-a35e-77d8fb3903a5} 616 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" -contentproc --channel="616.1.1692658599\342223533" -childID 1 -isForBrowser -prefsHandle 2024 -prefMapHandle 1752 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\browser" - {8c5579a1-391e-406e-a6fc-9c35afd8a2dd} 616 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" -contentproc --channel="616.2.1548791533\903282625" -childID 2 -isForBrowser -prefsHandle 2248 -prefMapHandle 2244 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\browser" - {0e82eb00-f14d-4c49-a558-da3fc4ba43bb} 616 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" -contentproc --channel="616.3.4390220\744114671" -childID 3 -isForBrowser -prefsHandle 2672 -prefMapHandle 2668 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\browser" - {20147bed-06bc-4b04-8af8-46ed334a3d28} 616 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" -contentproc --channel="616.4.1926103841\36292535" -childID 4 -isForBrowser -prefsHandle 2296 -prefMapHandle 2696 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\browser" - {b9d32828-9b38-40bc-9827-d239b8761796} 616 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" -contentproc --channel="616.5.1314085610\661181113" -childID 5 -isForBrowser -prefsHandle 2896 -prefMapHandle 2900 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\browser" - {a27de45f-de88-4108-9e84-34cc23113b4c} 616 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" -contentproc --channel="616.6.591788512\375638626" -childID 6 -isForBrowser -prefsHandle 3052 -prefMapHandle 3056 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\browser" - {7591640f-a622-4b74-b516-663b0c852161} 616 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" -contentproc --channel="616.7.2038560360\312635691" -childID 7 -isForBrowser -prefsHandle 3400 -prefMapHandle 3396 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\browser" - {5a21dd11-e311-4aad-a68f-e00e375d12de} 616 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29562\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI29562\geckodriver.exe --port 49452 --websocket-port 49453

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49453 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemhRwZx

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49453 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemhRwZx

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" -contentproc --channel="812.0.1174127529\428401965" -parentBuildID 20240416150000 -prefsHandle 1208 -prefMapHandle 1200 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\browser" - {6d87f621-bfbd-49f4-b436-761b91fee22d} 812 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" -contentproc --channel="812.1.1838275279\1082440420" -childID 1 -isForBrowser -prefsHandle 1868 -prefMapHandle 1896 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\browser" - {d7b7e118-67fb-41d9-af0f-07d4d9465786} 812 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" -contentproc --channel="812.2.1000473079\339972878" -childID 2 -isForBrowser -prefsHandle 2344 -prefMapHandle 2348 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\browser" - {a7813058-bb42-4882-b26c-1245ff1af165} 812 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" -contentproc --channel="812.3.1263110892\592353357" -childID 3 -isForBrowser -prefsHandle 2480 -prefMapHandle 2484 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\browser" - {6dfa75f0-59f3-4845-a102-00b599de1d87} 812 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" -contentproc --channel="812.4.675768771\438911976" -childID 4 -isForBrowser -prefsHandle 1080 -prefMapHandle 1076 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\browser" - {8eb17811-5724-45db-b2e3-6ca6dc16914d} 812 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" -contentproc --channel="812.5.226138767\1881106562" -childID 5 -isForBrowser -prefsHandle 2840 -prefMapHandle 2844 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\browser" - {470751a3-7432-4b72-9343-ef841f7538f3} 812 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\firefox.exe" -contentproc --channel="812.6.1010498287\169429446" -childID 6 -isForBrowser -prefsHandle 2996 -prefMapHandle 3000 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\browser" - {1dcf5f62-57e0-4108-a485-c25362d01243} 812 tab

Network

Country Destination Domain Proto
NL 185.133.210.207:9001 tcp
US 199.195.251.119:9000 tcp
US 64.31.55.212:443 tcp
DE 84.19.188.216:443 tcp
NL 185.21.216.197:9091 tcp
SI 212.44.107.82:443 tcp

Files

\Users\Admin\AppData\Local\Temp\_MEI29562\VCRUNTIME140.dll

\Users\Admin\AppData\Local\Temp\_MEI29562\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI29562\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI29562\_socket.pyd

\Users\Admin\AppData\Local\Temp\_MEI29562\select.pyd

\Users\Admin\AppData\Local\Temp\_MEI29562\libssl-1_1.dll

\Users\Admin\AppData\Local\Temp\_MEI29562\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

\Users\Admin\AppData\Local\Temp\_MEI29562\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmprhl8qyf4\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Tor\tor.exe

\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI29562\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 f3f55cfed1db00a7ca5b252c8da9daa6
SHA1 7d701244151349bee2e580e2b791b1fc47d0f402
SHA256 630c7cb6f3d4fb4710faa84302294565a60a1ba723d331cc3002bf73f8d0431c
SHA512 de13880db5aa19cc11562eed00bbf6109d21f1ab0825c97d10c35ce4044e1eebbf7b9fe47a712546cbf129fd75e33cc1f92656742194f01e8dfe652eda1e6f9b

C:\Users\Admin\AppData\Local\Temp\tmprhl8qyf4\webdriver-py-profilecopy\places.sqlite

MD5 53979ab0bb6af588eafd096e7ddec628
SHA1 6a8efe246b23c243d93d8f020b21cc2d49c81816
SHA256 a0b39a28c4af2db84121332570441aabd2ff293b19e5728424686f0dc87454c7
SHA512 3107d390f3588bdae429d05b7c6a3afc5d037cd7957a1b11a59ce493781a7e140a3df0cb8bd1183e6b762dc7254d0448f36673d448d109440920c8d0c664086c

\Users\Admin\AppData\Local\Temp\_MEI29562\libcrypto-1_1.dll

MD5 95c6303a3959e746ad2a37f0558a73fc
SHA1 4dbe9ce43c9b894947d6388f13b639e6e321d9bf
SHA256 0e2e78ee499687bee1e30a492c67acb68efb77d12f33b951f964aca1469be98e
SHA512 7962ffd5bd58495b8b1856c45b6f7ace65378d60f249208d6f883b5e851e95bbb82d1eba2ad563c3747b65db4ace85bcedf0330e6fa856a218dc1a7df11454e4

\Users\Admin\AppData\Local\Temp\_MEI29562\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI29562\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI29562\top-1m.csv

MD5 c4d458026e1759eff31a5fb49ff793fb
SHA1 32e8ac85d342cbd2e1c909ad4821184209950cbb
SHA256 78bc68cd64accff5336bdb0cca3efe482adfff8ab73c3289f3d211585cc439a3
SHA512 208fbe484cffed3bcf502abc9dd123a4efa47fb41d5378cbe135c598f15d63fa311b29d9a6240e4151b6aeef6e38a63f0a9a61fe189494c5def294bbb2aaf687

C:\Users\Admin\AppData\Local\Temp\_MEI29562\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI29562\nss3.dll

MD5 994bfc2fc10158225503b93c393502ce
SHA1 66026e54aa8b516df5363571774dc234da41be9a
SHA256 0f24198a691bf78dbc6e6d69698307c9f9834dd7615f96508204d365fee188e1
SHA512 2233393819136e00ed4d0ba4af07528d6a73e0dce0b85793479fa500f03d3e55820618428d2b85af6c316726593c1c056964adf5823ab4135a236bc3801b6abe

C:\Users\Admin\AppData\Local\Temp\_MEI29562\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI29562\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI29562\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI29562\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

\Users\Admin\AppData\Local\Temp\_MEI29562\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

\Users\Admin\AppData\Local\Temp\_MEI29562\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

\Users\Admin\AppData\Local\Temp\_MEI29562\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI29562\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

\Users\Admin\AppData\Local\Temp\_MEI29562\python38.dll

MD5 82cb609d6d313b55ef2182e1710dbe33
SHA1 78a68e3f7e79a0f79946cc4a47f9f76ed613f8d3
SHA256 9366df6f041b91067dc5027adef7d81b554ca1d8ce28cebef2596e08b18ceb7b
SHA512 de159901a8b69599170a53e4a6b61eddcbcb0c76fddc0eea5aa22af44032b10b45c36287f37cd500db5d88a8db8c96aea25b0d3e02cf91ecf90043fe6aa21081

C:\Users\Admin\AppData\Local\Temp\_MEI29562\python38.dll

MD5 98519a6b1b8c3cad048f71453b1211e1
SHA1 b16056a5135e9b41af5dbb69042b106b27e33f3e
SHA256 45d6a5d807367599364c608dc062c6ec81def71f47c495f5d4f9eb15ad58d448
SHA512 8e68a1a01154775326e44589b16ce99e777f6aa4f2844e9ec7763de8a55dd56b97fce30a6c7340f24c51fe4c969f78dc8c53b87face365b7f7e07ff7c6528092

memory/3056-662-0x000000000B8B0000-0x000000000B8C0000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 4c17d8aab9d46a4167d874cad4e3a7e3
SHA1 243133d6f00280d4a85c5700c178e5801020a193
SHA256 6cf46d9fa63bb1c4d252204aae09e4f5f5ea0ffe634a1cf7b30272d8a1f334f9
SHA512 2880b24cd4cf54e494bf939e59f2b4180e68f7372a6a55e3c378652df4c1f5d45a443b07c6ea47a7363c939e94c0d57a2eb16462acbd92d232e4a7a218ac4f6a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiles4MXRe\extensions.json

MD5 761d0985e6c0172140cd9936dc7f668c
SHA1 6953d75d9082ab37a55910e957637aac68ac5ec5
SHA256 760b1a458c26172a21c9af99dae4259f7f29a5335390d66f9872c0fc41254f67
SHA512 25a06c3daba1fd49fd01cff7f8cfefb9c23eaf592388545a1e2feb82baf3c8153b1bb0d878aae2bad73bc14d906e313ca6e25e1e1de2e16514fbc21e4b4415f9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiles4MXRe\prefs-1.js

MD5 964f49fad62de9aa32c9caaed2d1f310
SHA1 76f979b652c74b7aa3941e78f78e4de96d16a5e1
SHA256 2f24232492b6ad475b8788f0c3b27f5082973f26a34eca7d901a7a394815b3df
SHA512 75be95a25872f728aaaa648cea66a3661beda38453a9cd04f6c876c8c4f16794fed265b5ab5e785c40cf064c2af29dd938faee58ae5593772959650ff3b8c7c2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiles4MXRe\prefs-1.js

MD5 df302ac8f11ee8fec8e7cfa62563a42b
SHA1 d8903bf44be7f64a7f17b986c01287dd91c39c6a
SHA256 c8710a6fb30c7bea2e8e7586b494711d00fc8ce871c562cf8fe3c84777525638
SHA512 9869223a6e8bbc6c1a670975a5c94b45e262f0dbc2fcb0884460aaf274b43f7f8f461007569793d1c3d05cc9ba87e27904e2fe73688d576fe57c65893619cd8a

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 a0c4cf9aba0995446fd4cec156771a6c
SHA1 15dc75b298034a6ba89124ee9c87a218c8bc1c1c
SHA256 471898a626f556d605d6d6d1881c780ce5efb2468564f9461d7dc73f5bfd6479
SHA512 c16d70ec2d1eda90c2bbf1fa00287c3698d3d0a14fb506a52cbb7d231e75c277742a36cd6f233b51c54721eaf789a2ee9fdfd7437f56c6f35b15e0fbe1e72c20

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiles4MXRe\prefs-1.js

MD5 d28fca0bb202b716d2a604c3b35c50dc
SHA1 88fc417ac8dfc79aadb450660e65db4e62a0afc0
SHA256 14620bb3946fe8eeba882772e3c2a86418d72ecd4b6bae05d4355adc5058b9b1
SHA512 c7090b3984200e71977dd0865100303afa7760daae890dee7afce731b82e0a1a0a73f4737d78c876defe159917592d8660269b28dc704f8760e61376a62bdcf6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiles4MXRe\prefs.js

MD5 c7669c26db0cb02ae5237512b9d40913
SHA1 a66215ea2cdc6514404a40b44018fcf7eab5d675
SHA256 9169d178a0e3bc4f4d1c392bb9e6f90ba4f7755a7c7c74761e781f497fdcaa38
SHA512 159ab27ce1c99906a1a73517568d58472a9dd40ad5759924ec9d1b207497ad65569b2d43dab8390f04e02ffa4905328d34978989882ca8c6a39dd022d14b9f31

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBlH1A\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBlH1A\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBlH1A\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBlH1A\prefs.js

MD5 2c725704c7e2a37a5a054c45c113bf11
SHA1 fb1260047d2c9bbacf7a5139bf6b2e64812eac73
SHA256 63dff1b6918a60811ab68c54feeb08f7f662e3f057e4c72b1703df48198b020b
SHA512 dc014e938f525708120cc021c59d2de9038619394de057b21ecaef70fed7f3efb170f2225b2b23a8b70f0bf6ea57cb4f2208d99332f2dbcf39fb0a42607ad734

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBlH1A\startupCache\webext.sc.lz4

MD5 e65d5ba63b70bc5e93c93819c48081df
SHA1 15bb2adf1506d267c01a304f505257ad11d4330a
SHA256 f8915603ab0577f4b0c641e48388798f93136bf5dc4bf206b5c008b7fa9acdc9
SHA512 981cfe9827d5aa914808dc789281dcb8389cc6f4cb84f62363d43214f7034fcb56a2ababcbeb0396d639c60df3acd3abccf466b415ba536c513174238281da91

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBlH1A\prefs.js

MD5 00c0ea05651dd9224a62d0635a1604e7
SHA1 63c88a9b2c93df948ff3c756b305f0aea6757ed9
SHA256 36edb255de1989ce65244547de50c7926e4125c17a4171b1953290a473b131bd
SHA512 285d4367903cd6ab4e9afd890f91d568764585be63ce677a9e8c52808a2713ab50dbacc1d06ca8b1e25495305e56ae5809e8f86e3f0e6201bc909c5eb7e077df

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBlH1A\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBlH1A\prefs-1.js

MD5 3295d01e930907adf2d746450e2bd2fc
SHA1 0d62880258ad29049c887611afe926556ec7645d
SHA256 0a6a672696a88a7f675cb80d0600999d56189e2c209a55a4ca52b5857ddcc7ff
SHA512 8377a08c4523ab95bb39aeb13ad422ac53d01195851edb66ce81a30afc49c29b101e2cc6cf23c36251214a7b8ef7e9616514a3ecbd0fe2580200044ad4e69584

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBlH1A\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBlH1A\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBlH1A\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBlH1A\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemhRwZx\user.js

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemhRwZx\prefs.js

MD5 b52c009cfe5c207a3c02854c98c124ed
SHA1 1992d27ed0d9abc1c5571204d45b01146d32bc03
SHA256 3c95fdf128732f2ec39e3170f76f5f9ffe38f741c275d905866c41a22aebdb81
SHA512 aca2bd6b6b40a14f7774b859c2aae90bdf7e24f500c3cdaa018233e1b03499dac46c4652240fde210ab8c7e6e7058d2c3306ecc47869b00b9a63a4bb32b85131

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemhRwZx\prefs-1.js

MD5 ae97b72ab64dd1ca5367cc84c040fd05
SHA1 211113b0931561925691e28e9ecad6a18091b8e3
SHA256 26cf0bf83b07e4ba186360e6ab321db15163a11ea333e2daad0b171cc17ce163
SHA512 0aa4af911840f0281db484c45291ffe7a17a5f39585627442216573d8d46256f17184f521462f4b781416da9a1f8563b9a77d26788b30a4479dd3f90eb4b8610

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemhRwZx\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemhRwZx\prefs-1.js

MD5 98cc79cb420d4ac1ecd02e9f26502ae6
SHA1 d2767054de4ad9257e8d1652c32fe3ac874cfbb0
SHA256 d14ce182c417e16af256f83ef2dd1e31c1f7eee52fb356b4d2f8d55dde25fa32
SHA512 1178ffaa73f6a7886b5beae09a25a8042b794074f6f14db8a40fb7a423230251f0debb9c17d6f5dc553b3dc0fcd57b545026e8d455df070d065543f9cc894ed9

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-09 01:05

Reported

2024-05-09 01:16

Platform

win10v2004-20240226-en

Max time kernel

304s

Max time network

346s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32002\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3200 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 1088 wrote to memory of 4668 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3540 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32002\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe
PID 2888 wrote to memory of 1988 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe
PID 1988 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe
PID 1988 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4072 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI32002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI32002\geckodriver.exe --port 50078 --websocket-port 50079

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50079 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGkn4Q

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50079 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGkn4Q

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1988.0.205025348\1832173558" -parentBuildID 20240416150000 -prefsHandle 1668 -prefMapHandle 1660 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {d9849cd4-1ac9-4bfc-a83b-116f8187cfdd} 1988 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1988.1.182934405\1534274352" -childID 1 -isForBrowser -prefsHandle 2564 -prefMapHandle 2636 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1336 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {4c3d0b6a-ed70-46dd-9c1d-1ac363e42d8c} 1988 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1988.2.1797720135\1671587469" -childID 2 -isForBrowser -prefsHandle 3216 -prefMapHandle 3212 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1336 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {fce20831-c6e8-4980-aae3-8d72947ab49f} 1988 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1988.3.808558536\45700384" -childID 3 -isForBrowser -prefsHandle 3876 -prefMapHandle 3808 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1336 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {fc1f1111-e3d0-44be-bafb-6d8b88c6fea4} 1988 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1988.4.2021880150\423734047" -childID 4 -isForBrowser -prefsHandle 3852 -prefMapHandle 3224 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1336 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {d09593f1-afda-427e-a705-cd868a906344} 1988 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1988.5.1008381622\1051290536" -childID 5 -isForBrowser -prefsHandle 4124 -prefMapHandle 4128 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1336 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {2ff75010-58b5-49cf-aa1c-bb37b9b34316} 1988 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1988.6.2123384845\1935207950" -childID 6 -isForBrowser -prefsHandle 4308 -prefMapHandle 4312 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1336 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {8f6cf202-f36d-4f16-8a5f-f673cdf860d0} 1988 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI32002\geckodriver.exe --port 50078 --websocket-port 50079

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50079 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHx0u3r

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50079 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHx0u3r

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2268.0.668095659\1518417867" -parentBuildID 20240416150000 -prefsHandle 1656 -prefMapHandle 1648 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {8596f09e-d843-40b2-bd72-ff34019abc38} 2268 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2268.1.565304715\1348143825" -childID 1 -isForBrowser -prefsHandle 2384 -prefMapHandle 2472 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {cca09cd8-ff55-45f7-a78f-9e3ba4058025} 2268 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2268.2.1767217768\1924148842" -childID 2 -isForBrowser -prefsHandle 3204 -prefMapHandle 3200 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {0a1c4df3-e357-4eba-9b05-70265b48fb96} 2268 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2268.3.700104313\1409017436" -childID 3 -isForBrowser -prefsHandle 3220 -prefMapHandle 3232 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {ff8aa739-1a94-4302-8f30-cb1f71fb42ea} 2268 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2268.4.1571242648\1399228925" -childID 4 -isForBrowser -prefsHandle 3912 -prefMapHandle 3932 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {bb774683-ded8-4ebf-97c1-fd4108015a7e} 2268 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2268.5.1316313707\161269886" -childID 5 -isForBrowser -prefsHandle 4072 -prefMapHandle 4076 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {c02db177-00e1-4a41-8fe6-81d22ea49bc4} 2268 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2268.6.1945453888\36850630" -childID 6 -isForBrowser -prefsHandle 4180 -prefMapHandle 4176 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {6bc8681e-862e-4370-8639-6992e785114c} 2268 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2268.7.1273226842\648953588" -childID 7 -isForBrowser -prefsHandle 4108 -prefMapHandle 3240 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {ed1ff29b-3245-4953-9ea2-9019163c27c0} 2268 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI32002\geckodriver.exe --port 50078 --websocket-port 50079

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50079 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexfwWKj

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50079 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexfwWKj

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4768.0.808681902\73758002" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {cafb2dc5-fe76-4822-a337-0dbf824dbe14} 4768 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4768.1.130641880\1769745124" -childID 1 -isForBrowser -prefsHandle 2664 -prefMapHandle 2660 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1200 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {1ab18a7e-69b0-4e25-b5c7-7813d7b489bf} 4768 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4768.2.1563471703\1840867835" -childID 2 -isForBrowser -prefsHandle 3208 -prefMapHandle 3204 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1200 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {131c5c4f-deb2-41f8-b73e-3c5d029a2c6d} 4768 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4768.3.951230408\260303496" -childID 3 -isForBrowser -prefsHandle 3880 -prefMapHandle 3844 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1200 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {a45245b8-5599-4e68-8517-02c2b4002488} 4768 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4768.4.271714895\1842920798" -childID 4 -isForBrowser -prefsHandle 3640 -prefMapHandle 3284 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1200 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {4329f194-710f-493d-82c6-17df86200b51} 4768 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4768.5.2094854713\1294985775" -childID 5 -isForBrowser -prefsHandle 4008 -prefMapHandle 4012 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1200 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {51a4837e-8f53-4529-b759-f868eedf101b} 4768 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4768.6.2055535327\96929137" -childID 6 -isForBrowser -prefsHandle 4160 -prefMapHandle 4164 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1200 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {06e70f27-a935-4fa1-820d-855dd94457b2} 4768 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI32002\geckodriver.exe --port 50078 --websocket-port 50079

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50079 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJHcMbe

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50079 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJHcMbe

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4236.0.1371835350\1422913055" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {d0d0416d-f11e-4376-9af4-ca0539f702d1} 4236 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4236.1.1045875491\84373399" -childID 1 -isForBrowser -prefsHandle 856 -prefMapHandle 1236 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {42751bfc-c8b6-491a-b0fc-c0b79479b530} 4236 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4236.2.109225251\1673384576" -childID 2 -isForBrowser -prefsHandle 3172 -prefMapHandle 3168 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {5a4fffcf-790a-446a-b3a3-14e212dbf49b} 4236 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4236.3.2102425277\1363123938" -childID 3 -isForBrowser -prefsHandle 3288 -prefMapHandle 3276 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {bf6b1dcc-dafc-4d97-a6f4-95e22f15cd5d} 4236 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4236.4.1538361000\1980653171" -childID 4 -isForBrowser -prefsHandle 3936 -prefMapHandle 3592 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {47e0d72c-7055-42dc-8689-9d1c41bb1c88} 4236 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4236.5.1462772260\110639946" -childID 5 -isForBrowser -prefsHandle 3592 -prefMapHandle 3936 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {09142dc2-e95f-423b-a51b-aeb595f99e2a} 4236 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4236.6.436115185\969638288" -childID 6 -isForBrowser -prefsHandle 4220 -prefMapHandle 4224 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {0cca2bce-aa7c-47c3-8b29-3eed3f16f554} 4236 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4236.7.169879558\1047722700" -childID 7 -isForBrowser -prefsHandle 4652 -prefMapHandle 4656 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {1836f335-b5f1-4a29-8bfa-d5e2983c045f} 4236 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI32002\geckodriver.exe --port 50078 --websocket-port 50079

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50079 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyj8GBH

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50079 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyj8GBH

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2164.0.1660863129\1843575731" -parentBuildID 20240416150000 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {a6a079a7-2de7-43d1-bdc7-c52215c76c37} 2164 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2164.1.1937902492\1159408489" -childID 1 -isForBrowser -prefsHandle 2424 -prefMapHandle 2608 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1196 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {9ef087fd-9995-4c47-a9a4-55b12d5ebeed} 2164 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2164.2.806013595\309693444" -childID 2 -isForBrowser -prefsHandle 3188 -prefMapHandle 3184 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1196 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {c96983ed-7276-4dee-a290-daf093273abe} 2164 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2164.3.2116887540\616253488" -childID 3 -isForBrowser -prefsHandle 3192 -prefMapHandle 3236 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1196 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {35043d4a-f263-45c5-8eb6-09d0bb240ab4} 2164 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2164.4.527241678\1315296459" -childID 4 -isForBrowser -prefsHandle 3604 -prefMapHandle 3616 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1196 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {4d2b6c26-90e0-4d69-bfda-4facf6df328e} 2164 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2164.5.733057213\368578794" -childID 5 -isForBrowser -prefsHandle 3808 -prefMapHandle 3812 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1196 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {a1cbba48-62f2-4bb4-a3e8-5f9fafe4a2be} 2164 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2164.6.1847151184\1461400442" -childID 6 -isForBrowser -prefsHandle 4072 -prefMapHandle 4068 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1196 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {9c12c766-365e-4419-a4fe-bdb15366d869} 2164 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2164.7.112804427\1376449305" -childID 7 -isForBrowser -prefsHandle 4380 -prefMapHandle 4312 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1196 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {f8d817b0-cfcf-45ab-bfd2-ffb016087f6a} 2164 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI32002\geckodriver.exe --port 50078 --websocket-port 50079

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50079 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVj0fzM

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50079 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVj0fzM

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="184.0.2047208328\996142272" -parentBuildID 20240416150000 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {e7819aa9-f958-41a2-a428-c79618ecdd4a} 184 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="184.1.1422089917\1929726600" -childID 1 -isForBrowser -prefsHandle 2660 -prefMapHandle 2656 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {db0a70bf-21f9-4462-855b-0df75ac686dc} 184 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="184.2.651590672\1639978548" -childID 2 -isForBrowser -prefsHandle 3212 -prefMapHandle 3208 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {39f3a202-9c9c-4efe-a20e-4c3283adac69} 184 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="184.3.2037111411\168987754" -childID 3 -isForBrowser -prefsHandle 3608 -prefMapHandle 3600 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {cd10b4eb-3d02-4842-9eac-4f05d2f9f55c} 184 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="184.4.2001733754\1851802092" -childID 4 -isForBrowser -prefsHandle 3792 -prefMapHandle 3796 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {bcb8b31f-e48a-49aa-879b-98dd26c04350} 184 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="184.5.958469465\2058787033" -parentBuildID 20240416150000 -prefsHandle 4288 -prefMapHandle 4376 -prefsLen 27362 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {c0aa5525-09c0-403e-9130-860a02d5a457} 184 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="184.6.1221977493\1567600560" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 4396 -prefMapHandle 4100 -prefsLen 27362 -prefMapSize 245849 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {fe2c453d-2baa-45ed-b469-f3900da4bce3} 184 utility

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="184.7.823474580\2027801387" -childID 5 -isForBrowser -prefsHandle 4560 -prefMapHandle 4556 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {62fa6c74-1d16-48b1-859c-8fa2d861aa3c} 184 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="184.8.1532558804\830662963" -childID 6 -isForBrowser -prefsHandle 4700 -prefMapHandle 4704 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {76437095-80b1-4e5a-b487-5e44dda9da1c} 184 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe" -contentproc --channel="184.9.2095562649\1024962847" -childID 7 -isForBrowser -prefsHandle 4916 -prefMapHandle 4920 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser" - {384eb3cc-6dcd-4d04-b7c2-6f54e766df65} 184 tab

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\_MEI32002\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI32002\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI32002\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI32002\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI32002\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI32002\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI32002\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI32002\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI32002\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI32002\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI32002\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI32002\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI32002\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Local\Temp\_MEI32002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI32002\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\platform.ini

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\application.ini

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\firefox.exe

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\dependentlibs.list

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\omni.ja

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\browser\omni.ja

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGkn4Q\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\defaults\pref\channel-prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGkn4Q\user.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGkn4Q\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGkn4Q\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGkn4Q\xulstore.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGkn4Q\extensions.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGkn4Q\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGkn4Q\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\fonts\NotoSansBuginese-Regular.ttf

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\fonts\NotoSansBengali-Regular.ttf

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\fonts\NotoSansBatak-Regular.ttf

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\fonts\NotoSansBassaVah-Regular.ttf

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\fonts\NotoSansBamum-Regular.ttf

MD5 f0b22427c3ddce97435c84ce50239878
SHA1 a4a61de819c79dc743df4c5b152382f7e2e7168d
SHA256 0282610e6923d06a4d120cff3824e829b4535a8c4c57c07e11dbe73475541084
SHA512 ff2b22e58597d0ba19562c36f03cf83b5f327eee27f979c9ff84fe35a21b1fc9234f21fdb35fb95f933c79b9cf7760328d29b31480153da59a6576cf5f7f544e

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\fonts\NotoSansBalinese-Regular.ttf

MD5 12764d72c2cee67144991a62e8e0d1c5
SHA1 f61be58fea99ad23ef720fbc189673a6e3fd6a64
SHA256 194e110cb1e3f1938def209e152a8007fe5a8b0db5b7ce46a2de6e346667e43d
SHA512 fb670a7dbb57465d6384cd5c3a35356e94bf54ac4cb7578e67c8729ff982943b99c95b57f6059443e3e8b56d8c8d2cfc6e81ae3a1cf07306f91c3a96e4883906

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\fonts\NotoSansAdlam-Regular.ttf

MD5 ac01114123630edca1bd86dc859c65e7
SHA1 f7e68b5f5e52814121077d40a845a90214b29d41
SHA256 1b7b86711479fbfd060ed38abe1258246b4be2826760e6827287958218bb3f5c
SHA512 1c9ac878ba12f3de207aa9a7eb8c0239f769f9ae7475fec998e998192aa6900fe146039ac982612c6c0b7e5363355f2803d8f62e4787c0908c883ac3796e2a9b

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\fonts\NotoSans-Regular.ttf

MD5 e782457ebb0389715abdf5a9e20b3234
SHA1 e0d9ad78d1972d056d015452ed8dee529e8bb24b
SHA256 0e90d375cdb64f088a6a676eb560b755afa184e523fefbb9c33fdda4d7dd8461
SHA512 3ec030fdaa18f90bd8060466276c9ec49fd9233746e603d61a4f65a9a53e97e7b3382f8f913da17c48ffefc8adcf2be25f7e1c51f16555068b8f344a4e6dd961

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\fonts\NotoNaskhArabic-Regular.ttf

MD5 27dfbbe8ee4015763e3c51d73474e94a
SHA1 4328cdc9a3f9c6b7df0624c81afbd3459f213e40
SHA256 b4fe7b745c5b40e5d6294a883afcb8b4264b88d331fd0b4620050441479f391e
SHA512 42cc921fee7bad58ee1fac12eb8153b580b5d9d6ed510d5df4bd4be754ef1b017c987051385d828b70de050340f9629be7b385d0338c9db6e0f9f51543387375

C:\Users\Admin\AppData\Local\Temp\_MEI32002\Tor Browser\Browser\fonts\000_README.txt

MD5 793eae5fb25086c0e169081b6034a053
SHA1 3c7cc102c8fcaf3dcbe48c3f8b17ec0f45dcc475
SHA256 14e396a360e5f9c5833dc71131d0b909f7b24c902b74f31a7a3d78d5aa0fa980
SHA512 5e949be232df14bf7bfb679986a16f4a613439f5b5e71271abbfbf74296b43c977510fd6403702139ffd77dd3369e054dbe086e0188fff4f436f3505654e1f70

memory/2712-367-0x00007FFE8C890000-0x00007FFE8C891000-memory.dmp

memory/2712-366-0x00007FFE8D1E0000-0x00007FFE8D1E1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGkn4Q\prefs.js

MD5 6f12caf12379584f460a5fca933f5ec8
SHA1 f8656df591ab9abdc34ba0e0231d3f60d3b0bd8a
SHA256 dd6373c5f07c0676d373a5f3464ab76df111963b87c8708a97460125bdd39cc8
SHA512 e5b802e7e5aca2e288ee2d78377a9cbd15f67872c2ee6c72c17e591896791bc8f3867ce24fe6e23aaf8df0b7a8916524460c9b64202a1149a733b1aa87c25fe1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGkn4Q\prefs-1.js

MD5 ce1bf90d145751268838e92e55951f64
SHA1 c4ef7512296d8ee53f4f763c056313a12d9bf4b2
SHA256 348857aafbb7b92beb4a65be1414d1537983ecf07e575da1b87e220e446ed768
SHA512 928e0ffc06526b8501fcd88e5fb45a3ba9875ca28c8b0d479b0893a4df0b338938ea71c238cade3bdb896674c4fa883c44bd3601ead3d632cbbb1372f6c3fdec

memory/3876-417-0x0000027F88CF0000-0x0000027F88D20000-memory.dmp

memory/1988-440-0x000001E463810000-0x000001E463980000-memory.dmp

memory/1988-436-0x000001E46F850000-0x000001E46F860000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGkn4Q\extensions.json

MD5 567f927c171e107f6a1f99aabe1b5d31
SHA1 b41a4d55baeb6871d45de963530fc7e3ae38fb76
SHA256 5bdf0b0461d176fb7a1168c87ab779e64f41af3df7da63889b89e589ddde7b90
SHA512 db668b73a225b0dbea63b7e08004b59a9b1da4b2cb0c2e2ddaaec9c766d2d6fc298605e06d8e4e97ee87c880a7cb764a5edc6cab4d6b89798ccc9463dca358ac

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGkn4Q\addonStartup.json.lz4

MD5 4224932a47d694c107ca69b770a540b1
SHA1 0cc178bc82c9cb83f324f48ec3dad95acb572cfc
SHA256 41d8c171085cf7dbd4276564624f7ed126500025d7c47f18b45d986517b4a297
SHA512 2f40d917c27cb706c61f72c1bc496ff983af1b78337f45134fb372082b21e8c1e465856b425638853b74a3e334100211c5fb7a554fda7070b6fa3c9c3921daed

memory/2712-482-0x000002004E3A0000-0x000002004E3D0000-memory.dmp

memory/3968-490-0x0000022C8B960000-0x0000022C8B990000-memory.dmp

memory/5108-491-0x000001311BF80000-0x000001311BFB0000-memory.dmp

memory/3772-492-0x000001EAB6600000-0x000001EAB6630000-memory.dmp

memory/644-493-0x00000194FFAD0000-0x00000194FFB00000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGkn4Q\prefs-1.js

MD5 c7095ebbe59882239ea16f5b2097820a
SHA1 f1dbf2b4184be30748888ad42e962bd625cf73c7
SHA256 257951b1aab1ff2e5f5e6ec5cd3d1428571c342237527a32e074544d719a6c72
SHA512 95d8632b0e0f8a5fc5d89f21b5686923ac0b0486c759d10700af91a38512ddc4370a4f712198c464c9b40c0f2282172634e8cb7eec0e11549dfed952d78403d7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGkn4Q\prefs-1.js

MD5 c3192f302baf2c26cfc1e007533e34b7
SHA1 a7e5d044e9b4f610ca546038385ef7baf5ffd012
SHA256 af8e871c0f02d46f16a306bf5f5cf6a982d3af2b9e25d559b8b1c8aac215ac86
SHA512 167302cf441e98d7f18b877f45b76584ac9fc551c12b584e0bc95780f973a847f24dbef34a29b1407fdd4d5e1b0b9b0272223b0bf8d09a2599214eb488dc8812

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 07acf0db8c2717843e9f2c1bc949c38d
SHA1 c7ec8f79d84035e767aa5bc362326da8dfcde768
SHA256 4fe352a3b2c36b0869e6392a95453b5ea022a7d079f1faad2d796b4c756a08e9
SHA512 d8ffd1e45e477c589661bae33f0649c93dcddcb9ea4602ed059b8a50db2f657458a879d33722f0ad1e0329d15c9f7d0cfbb88bef83c8f16f1c795025d4003ee4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJGkn4Q\prefs-1.js

MD5 763a539a95a11a2978d7c7760ad931bb
SHA1 9f32a3cbe8fb9e45ccb22d54aef3522753f0672b
SHA256 21816cdbba3c771ebf6c2831c0910278900bdeebdfb40e020ea1fc03c48fd07f
SHA512 4aa057811c65c60a3090cdfee58ec1c65742151a2a8632d8149663252a9fa916f4fd942552dc2164cedaaf145c5b8e508944f5d5b429ee57d9467a4c2bead81f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHx0u3r\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHx0u3r\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHx0u3r\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHx0u3r\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHx0u3r\prefs-1.js

MD5 d7533a642c0339725a5df063452b29fd
SHA1 2d06b607dd0a2177fd6169addd39d25a83dd0ef3
SHA256 a3b5f01355952c823b03de1161c72287f9d1895f0edaa9aa55cbe66cfa69878b
SHA512 9e5f0872e5878c6311208210217dbc2b18bea06444c47e9f1bce18682732452c32d21d99a20a94bc82b2d64e5a1d4c55a4a8a6c8db532290b03b25394ec645df

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHx0u3r\startupCache\webext.sc.lz4

MD5 1b799cc5b6cf681cfa54d37c8ce8cb06
SHA1 2f0fae44eb2fe74542df923e37f0c7e23a74fd17
SHA256 ce654b3257aec215ee980682aa6a48628dac50252a09301efe8686ff3f406a03
SHA512 10263e878623c9375095f150a83e5fe42fb5feccea139e107d37b2337f0c68c4f8a47952247d7e8517876a12dcd696202b8ecdf115577c0e416a489a280451d3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHx0u3r\prefs-1.js

MD5 aae3e6ea7121c11d772fe483c97091cb
SHA1 3bc43d6cbf816188b384f8613cc84d6dc4d79b90
SHA256 37d291ab8fb27ea3afbc35de11a772f3e28ac731d4f24b5d6dccf570228bfe08
SHA512 3497180c67b15aae252cbec9806e5eb2bcb576afedcda9a44fc439f54ed7c9cf280cbe0ae11bdf39dbe9b569276f174790a4d9cd43f1717464a040a4e242b129

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHx0u3r\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHx0u3r\prefs-1.js

MD5 1b8930c9cdbaeb86a61ca17cc0d33967
SHA1 9a5875523b2b4df27bdcd5fbf70bb815ad09a45a
SHA256 1b10b6689d5a7dad15b29ac9833bdc1df7e63432be9c8e5a068edee9f4fe028a
SHA512 e471b728d3edf946b52972e71bd8e25b35319e19af776170f2eb3ea602d7b131c22bf29a0086e845e98d39a7ef5cf757fe3b095ad0f7c1b8c57fecd7f4fb2d42

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHx0u3r\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHx0u3r\prefs-1.js

MD5 bc62947554591b6e658b95ec5549a05e
SHA1 af52f738403715d536f80f7f557075dd8d434720
SHA256 f39565ca42070b7877310611bde3534b5466fec64c3d3aedc0d078e38177b216
SHA512 0ec9115595791dcee3829d4fe5fa74f3725aa6c6f6c04cd58661b5dd287b79ce88400ff4b9c60d1f4f92f1db1d730f46d93d2e5e9fc0bd4f7c5fe1717a587def

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHx0u3r\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHx0u3r\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHx0u3r\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHx0u3r\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHx0u3r\datareporting\glean\db\data.safe.tmp

MD5 7fba44cb533472c1e260d1f28892d86b
SHA1 727dce051fc511e000053952d568f77b538107bb
SHA256 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf
SHA512 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexfwWKj\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexfwWKj\prefs.js

MD5 7a4862c2993a2c78f829d7a5505cb936
SHA1 9666f3342976e780eb034ec4f74495fe504b2c2a
SHA256 00dfc1d3e722042e685913149438ab463d15a093006651de763123a5bbd4c95c
SHA512 64c621c1a87792133321767d87e798577ada6cddb2b068e9df2465b12db6646ecfaa4eb02d4863435d23c3ced24de39299979a486dd35d8ec852fdf874ca8144

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexfwWKj\prefs.js

MD5 1bce21e90435cb36c82556b1dc70f94d
SHA1 df86eb5f3f82bd8e621cc16907cfd67a707ce83b
SHA256 f8fc79da79df64e28b2bd9fa20d295477871e532694a227fb24a52fca358a81a
SHA512 0941ad063a6231038fea5c8ea0177bbbf6114b0014c3c4a7a4c3f393cefc597723cc64d2a33646037f2dfea488bb00cee8f63ae5bd0083d6c1e9d6b2c618d551

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexfwWKj\prefs-1.js

MD5 aff251797bdcc5ce4db7437f1c9aab0f
SHA1 714497b6cf3da4da4865fb50e762204790947e39
SHA256 8e0db0960345a99bed53dc6b623447a9397a9b163d4951953ecd10a8a047e883
SHA512 071e9cf9863ccffa117e93f160886c2b137327fe8c15347c1080eca88cac7693dc257733caaf59ea3f8105163c5b70a9ef508c94c6f6fcdd7910670a015b60dc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexfwWKj\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJHcMbe\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJHcMbe\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJHcMbe\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJHcMbe\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJHcMbe\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJHcMbe\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJHcMbe\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJHcMbe\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJHcMbe\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJHcMbe\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJHcMbe\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJHcMbe\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJHcMbe\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJHcMbe\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJHcMbe\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJHcMbe\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJHcMbe\prefs-1.js

MD5 05ef6bf627f610bb11e10c875f7ec2f5
SHA1 ffa763f92a67f45f66f4d2a7235901fcd777644c
SHA256 89227e228fe969aaa7d9b02527385d370ef7c150d0269d30629c5785b075e774
SHA512 443862488715139fefa3efe01a54d5649b6320e4ab5b682e2d38c8b1d6dfc0e5a5d539a53cc85472d39d746bca245adb58719c2462736a793cf0f95b1be06b89

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJHcMbe\prefs-1.js

MD5 4739c9fa49cdaf4ff3969882b9d27762
SHA1 ddac6c810de467d02960039b04f4517d164cf437
SHA256 c95781275ca00819a3bd1941eccfb6aa0bff3e4dcb1e7b226392c1a0de38a5cd
SHA512 7dfc5602f6fa2d671ba4ecbc54b5f0d53f93877afa030f58a52958088ccf16ca062a724f2a6133ee505f44c69b5193d33feb1b3bac596864fd49c245b004e918

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJHcMbe\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyj8GBH\WebDriverBiDiServer.json

MD5 1b989c4d7664093cded425cd21fe0d5c
SHA1 567bb3e5eccacc8203b2c69b306226e6cdca2c3a
SHA256 f04a882334ae5360d2b45f053d1ebc6cab652018148d23a9b4fd2cfb7298d0fa
SHA512 453ef99b3a6323ee9f640a9c7d7018b6d87848bf057c03fa9f8c904abf34c4d9297607615bec7152a67326bd32c82b077369e4acdd29aa76453284046581386b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyj8GBH\prefs-1.js

MD5 aeedfc82c2c3edb1b79456b95fbfbca4
SHA1 12f47e19554f754a9bbd11c492a53da016f4bdf5
SHA256 22d8ad99c25561d1740d52edbc684139ee1fae77c82bc3cec9e9a2f022577fe2
SHA512 1a3eee6027127d66dd75bceda12e5f574d61de7a10b92b1fa0be30861c34b2003c0c90f76da40446714b4e5cde2be72189a50f5fab0cb26614e86bb062f17226

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyj8GBH\prefs-1.js

MD5 1dcb16169a3de7c9cc1dc456b0a0a755
SHA1 37b97584da04db4dacf4795f6e0b80b1201fef8e
SHA256 7c6b353eb758ceb9e30eee155259b1d8a1789b089a4092e22b5f93ecd3975407
SHA512 7541626406508b206f3fecfca15f85b9ef64a2fcc2283a359355cb61038458892fea489ce7cf5bc4de53d0e6bfd28a9ac03085ea7bebd6f68ea426f6e49f1878

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyj8GBH\prefs-1.js

MD5 f381638c36580d0dbc1bcf756f6bc78e
SHA1 96a8ed72141e01d592d747b8f013f606b3172a21
SHA256 d007df3c33a59ad9d6da468694d2d049ad8a7a93ff2229decec785fa79207979
SHA512 10dc6280cd2e7fba49809290014474b0416f46ae59894341f9ba7ee149fe8628006a19b44ba859c23443742faa340ca0c0e493e990a7267a82d4975d14f37a5e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyj8GBH\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyj8GBH\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyj8GBH\prefs-1.js

MD5 e107295cba5c1f6bc8915a8351121ba0
SHA1 05f24d138be07d93f69cae85576d3263fbc36165
SHA256 8a8d31f8e44b2c15c28c7d7cde450345d6eab61c8271c158ba3e9aee08e47307
SHA512 ca63527dc805c4f39b51d03ed17d369f80325834ef80f31327fa6cb964b0a572434483026922d9ad6b8a2cdc09e85cc2e3444c3374fa56cf966400a209dd1f48

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVj0fzM\prefs.js

MD5 63cba2967068f4332e627c5e927b1bda
SHA1 d18e420995032280e9517998938e245b9f04f5e3
SHA256 318a9826048bbbddd170b4a74d9a57609cfa93f98a052b5b21c68c12a0b1a101
SHA512 67c1539726fa78b589ccf5c713675ead8060e34b3740790cf77fc7d465be9242b53df4b701d0468fc2813228d392e310cf3c4f2680f9bb41445b9077916c920d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVj0fzM\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 bc854928def2d8c345b4ddf712a4e522
SHA1 a7a9bddb555459687e82b601741b27f362cf781f
SHA256 efc7c7314e741d00c57b497708e3b445eb5e122f4084be6ce3a4e46ab002431e
SHA512 07a947afcb2c021a94d5f5ea4c637d41e52bcf77f0117239c5103e2ef4cc704927d2177b41170d08cd413df0ecb95a9881304926594ad25891ec63c800f49264

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVj0fzM\prefs-1.js

MD5 8280e0b6945e921ceb4c67f4ed0dffbf
SHA1 8923c3dd04b7a0a173c36601cfa89c4cbee217d5
SHA256 def53be5cd3f44a7e62857c05658032d8b27bdf5bce9faa322359a8efac2d8a7
SHA512 559c83b2d163ce8b149ac4ee2fe3c61568b2b8d39b494e1052b5d9e8b642febc61306948b095d65141b681df675189d66bf28a627b909c74d75d0ceee9fd6bc5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVj0fzM\prefs-1.js

MD5 51f15effdd91e2ecb8ad6c4ede6fc5de
SHA1 45f27e7393e9ba3eb3c7f558d894899154a7df03
SHA256 e08f4724752eb917c2f48461f5762e4c4f783b36576319deaa7f9fb172eb6dd6
SHA512 03ae275f82fd0a6772c8bb0ec5e05b753d85bfc869a12b20d5b58af21499e54b86283eebe443598c6cf75a4bde370dd502b843adecb38c3e83589d5ec9dec008

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-09 01:05

Reported

2024-05-09 01:15

Platform

win11-20240419-en

Max time kernel

300s

Max time network

316s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI47482\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4748 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 2844 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2844 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1912 wrote to memory of 3960 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2844 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI47482\geckodriver.exe
PID 2812 wrote to memory of 4164 N/A C:\Users\Admin\AppData\Local\Temp\_MEI47482\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe
PID 4164 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe
PID 4852 wrote to memory of 4840 N/A C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI47482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI47482\geckodriver.exe --port 50003 --websocket-port 50004

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2yhZKS

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2yhZKS

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4852.0.124538828\1110496538" -parentBuildID 20240416150000 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {37fa3353-2b99-419e-bc6b-8d07c8494705} 4852 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4852.1.1903643764\423083172" -childID 1 -isForBrowser -prefsHandle 2852 -prefMapHandle 2848 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {3b716895-a2b0-486a-817d-7e84a9f5606f} 4852 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4852.2.206049779\228882995" -childID 2 -isForBrowser -prefsHandle 3076 -prefMapHandle 2992 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {431459ba-589c-46c3-a467-9a0bde8cf48e} 4852 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4852.3.898887837\273483769" -childID 3 -isForBrowser -prefsHandle 3364 -prefMapHandle 3244 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {7d2744d2-84e3-402c-8f00-95f574cd4b83} 4852 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4852.4.1618600714\1322257570" -childID 4 -isForBrowser -prefsHandle 3880 -prefMapHandle 3876 -prefsLen 25287 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {21ded2a8-40e6-41f0-8f61-94d41aaf967b} 4852 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4852.5.521408995\678803611" -childID 5 -isForBrowser -prefsHandle 4028 -prefMapHandle 4032 -prefsLen 25287 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {8fa17706-0d7c-4f7c-9a67-c83ab05b7e16} 4852 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4852.6.376337674\921067672" -childID 6 -isForBrowser -prefsHandle 4216 -prefMapHandle 4220 -prefsLen 25287 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {996cb0d7-2be1-422e-8437-cdaa27b1ff24} 4852 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4852.7.1733053217\981457866" -childID 7 -isForBrowser -prefsHandle 3876 -prefMapHandle 4244 -prefsLen 25535 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {4ef0703e-33e3-4069-ae24-8ac8aec1b22a} 4852 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI47482\geckodriver.exe --port 50003 --websocket-port 50004

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3CYmiz

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3CYmiz

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1044.0.1255323399\402580237" -parentBuildID 20240416150000 -prefsHandle 1720 -prefMapHandle 1712 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {dfa6bceb-3a51-4080-a4fe-c9ef77618a45} 1044 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1044.1.1803919110\601747348" -childID 1 -isForBrowser -prefsHandle 2720 -prefMapHandle 2508 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {5f2c2cbe-5bdb-4d97-82c4-b861f86910b0} 1044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1044.2.1132064875\1407297110" -childID 2 -isForBrowser -prefsHandle 3096 -prefMapHandle 3092 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {1e72b1dc-5542-482f-a9aa-015acc24f5e2} 1044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1044.3.211064866\1861870949" -childID 3 -isForBrowser -prefsHandle 3428 -prefMapHandle 3432 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {59696a49-4a7a-4055-bad5-7eda82800625} 1044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1044.4.1008086069\790048197" -childID 4 -isForBrowser -prefsHandle 3796 -prefMapHandle 3792 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {96c99e78-17e6-47c3-8dba-cbd7dbd470d9} 1044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1044.5.832468903\1979596790" -childID 5 -isForBrowser -prefsHandle 3944 -prefMapHandle 4012 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {63164590-4e04-4a37-994b-c7fc65b395c6} 1044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1044.6.960210050\1420622533" -childID 6 -isForBrowser -prefsHandle 4124 -prefMapHandle 4128 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {f0d72eaa-e9e1-49ea-82c4-872991258707} 1044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1044.7.889139548\1895133453" -childID 7 -isForBrowser -prefsHandle 4484 -prefMapHandle 4488 -prefsLen 25287 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {cbcd1ca4-8747-4498-a263-17b29ed0d53b} 1044 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI47482\geckodriver.exe --port 50003 --websocket-port 50004

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXgUfpL

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXgUfpL

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1856.0.1271679007\1337101833" -parentBuildID 20240416150000 -prefsHandle 1704 -prefMapHandle 1696 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {10f5edee-f14a-4917-a0e0-386770e215df} 1856 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1856.1.1325208183\1604401541" -childID 1 -isForBrowser -prefsHandle 2916 -prefMapHandle 2588 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {779a7ebd-f2c8-4a1d-9eaa-603efb1d0d26} 1856 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1856.2.490187610\1372225556" -childID 2 -isForBrowser -prefsHandle 2264 -prefMapHandle 2436 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {36365da4-2009-4345-9e50-a904c87e7dc9} 1856 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1856.3.703373925\681904449" -childID 3 -isForBrowser -prefsHandle 3356 -prefMapHandle 2920 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {89ad9326-5da9-4582-b0fb-aa2de6fb417c} 1856 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1856.4.1221374992\344907604" -childID 4 -isForBrowser -prefsHandle 3792 -prefMapHandle 3788 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {e9af816e-ee24-4281-94f8-1d9d50f31e3f} 1856 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1856.5.2017405761\1354418099" -childID 5 -isForBrowser -prefsHandle 3940 -prefMapHandle 3944 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {8d73167e-fc76-4918-831f-a871726c0a84} 1856 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1856.6.788291535\1184399596" -childID 6 -isForBrowser -prefsHandle 3996 -prefMapHandle 4000 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {352b8877-aff2-433f-9c71-e073e116e22c} 1856 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1856.7.1543954855\246678518" -childID 7 -isForBrowser -prefsHandle 4508 -prefMapHandle 4176 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {030a5a67-322c-4571-aa9a-e6eae2435e10} 1856 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI47482\geckodriver.exe --port 50003 --websocket-port 50004

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuFDWIb

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuFDWIb

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3988.0.850120835\746932422" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {60f1e968-371e-4fb0-8b92-45d4edaf4fa1} 3988 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3988.1.882035978\1977248458" -childID 1 -isForBrowser -prefsHandle 2720 -prefMapHandle 2716 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {5182c91a-37d0-4274-9dd3-ee1d853a62e0} 3988 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3988.2.1252890717\1288571236" -childID 2 -isForBrowser -prefsHandle 3080 -prefMapHandle 3076 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {8d719e50-41d7-4d8a-99ba-dffaa5e6c432} 3988 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3988.3.561818995\945421227" -childID 3 -isForBrowser -prefsHandle 3604 -prefMapHandle 3608 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {d546ec70-25ea-4f2b-b550-06241c492ddc} 3988 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3988.4.1854030422\990122716" -childID 4 -isForBrowser -prefsHandle 3164 -prefMapHandle 3848 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {bfaf3e33-81ba-449b-9236-84b636557b61} 3988 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3988.5.2132341875\6113699" -childID 5 -isForBrowser -prefsHandle 3360 -prefMapHandle 3364 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {c3aacdc2-8819-4835-b57b-55603fe7a64d} 3988 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3988.6.675998415\2021909420" -childID 6 -isForBrowser -prefsHandle 4072 -prefMapHandle 4076 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {f5a0c582-cb8a-4479-ac2d-470a8800d5e9} 3988 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI47482\geckodriver.exe --port 50003 --websocket-port 50004

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyhtwXc

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyhtwXc

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2868.0.1754342065\1086439384" -parentBuildID 20240416150000 -prefsHandle 1724 -prefMapHandle 1716 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {d9135f92-f43a-4c27-94f0-f2129adc450d} 2868 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2868.1.1844412809\1589976134" -childID 1 -isForBrowser -prefsHandle 2420 -prefMapHandle 2540 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {028f6207-4f3c-4e01-aaee-b83e04eb6d3a} 2868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2868.2.835924315\1863443680" -childID 2 -isForBrowser -prefsHandle 3064 -prefMapHandle 3100 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {1c0d1c25-ea0c-4015-9e61-40b044b0a0bf} 2868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2868.3.276972264\1153489164" -childID 3 -isForBrowser -prefsHandle 3308 -prefMapHandle 3304 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {a056532f-fc78-4ea9-9bb1-f086e11b08f5} 2868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2868.4.464738959\782457358" -childID 4 -isForBrowser -prefsHandle 3804 -prefMapHandle 3808 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {3d023a71-c7e3-466e-99a0-006cf189c297} 2868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2868.5.1353586694\117642060" -childID 5 -isForBrowser -prefsHandle 3756 -prefMapHandle 3760 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {d5aebea7-75d8-43ba-89f8-e4b528f04c7c} 2868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2868.6.236479783\395850498" -childID 6 -isForBrowser -prefsHandle 4136 -prefMapHandle 4140 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\browser" - {b79b0c85-9b30-4f61-842b-d54dd83cb8e4} 2868 tab

Network


Files

C:\Users\Admin\AppData\Local\Temp\_MEI47482\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI47482\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI47482\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI47482\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI47482\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI47482\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI47482\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI47482\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI47482\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI47482\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI47482\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI47482\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI47482\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI47482\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI47482\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI47482\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI47482\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI47482\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI47482\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI47482\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI47482\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI47482\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmpyn_ylcj9\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI47482\Tor Browser\Browser\firefox.exe

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2yhZKS\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2yhZKS\extensions.json

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2yhZKS\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile2yhZKS\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3CYmiz\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3CYmiz\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3CYmiz\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3CYmiz\startupCache\webext.sc.lz4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3CYmiz\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3CYmiz\broadcast-listeners.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3CYmiz\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3CYmiz\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3CYmiz\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3CYmiz\xulstore.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXgUfpL\user.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXgUfpL\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXgUfpL\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXgUfpL\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileXgUfpL\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuFDWIb\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuFDWIb\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuFDWIb\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyhtwXc\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyhtwXc\WebDriverBiDiServer.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyhtwXc\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyhtwXc\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyhtwXc\startupCache\scriptCache-child-new.bin

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyhtwXc\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite
